Users Rush to Plug Microsoft’s Holes

Fears of new worms, fast release of exploit code spur action by IT

BY JAIKUMAR VIJAYAN

The availability of code capable of exploiting a critical vulnerability in Windows 2000 — just one day after the flaw was disclosed as part of Microsoft Corp.’s monthly security updates last Tuesday — lent urgency to efforts by IT managers to patch their systems as quickly as possible.

For instance, the American Red Cross, which in August saw traffic on its networks become saturated by the Zotob worm, was already deploying Microsoft’s latest patches last week, according to Ron Baklarz, chief information security officer at the Washington-based relief organization.

“We have dramatically improved our procedures to improve on our patch implementation time,” Baklarz said without elaborating. He added
Holes, page 70

■ A Cisco exec defends the vendor’s efforts to stop a security researcher from talking about an exploit of a router software flaw.


Data on Interex Members For Sale to Highest Bidder

BY PATRICK THIBODEAU

The trustee overseeing the now-defunct Interex user group’s remaining assets plans to sell its membership database to the highest bidder to help satisfy the demands of the group’s creditors, according to a bankruptcy court notice.

Interex claimed about 100,000 members before closing down in July and then filing for Chapter 7 bankruptcy protection the following month in U.S. Bankruptcy Court for the Northern District of California. The court notice about the upcoming sale of the membership database was dated Oct. 5, but news of the plan just reached some former members of the independent Hewlett-Packard Co. user group last week.

According to the court filing, trustee Carol W. Wu has received an offer of $15,000 for
Interex, page 16


REPORT
IT managers face the chaos of overseeing thousands of elements in their storage architectures. We evaluate four technologies to see if they really simplify the job. Stories begin on page 51.


Execs Use Services Model to Reshape IT Units

Data center managers credit ITIL for helping to make their operations more effective, efficient

BY PATRICK THIBODEAU
CHICAGO

Several years ago, the state of the help desk at GuideStone Financial Resources could be summed up by what end users called it: “the helpless desk.” Not only was the moniker unflattering, it reflected lingering system problems that hurt the investment management firm’s employee productivity.

With that in mind, the IT department at Dallas-based GuideStone, which is owned by the Southern Baptist Convention, turned to the Information Technology Infrastructure Library standard. One of the driving goals of ITIL is to reshape IT operations into a services model by spelling out service levels and detailed processes for delivering, managing and supporting technology.

Proponents say the standard can help cut IT costs and improve alignment with business units, which may explain the interest in it among IT managers at a conference held here last week by AFCOM, an Orange, Calif.-based professional association that focuses on data center issues.

Dawn Sawyer, operations manager at GuideStone, said that she began implementing ITIL processes four years ago and that the work is still in
ITIL, page 72

INSIDE: VMware plans more automated virtualization software; Novell and IBM offer a new approach on blade server OS pricing. PAGE 6

ONLINE: Read full coverage of data center technologies and issues on our Website. QuickLink a5040


KNOWLEDGE CENTER
STORAGE

Battling Complexity

Storage resource management, virtualization, object-based storage and data classification tools are supposed to help you defeat the complexity monster. Do they really?

PACKAGE STARTS ON PAGE 51.

52 Virtual Unity. By creating one big pool of storage, virtualization can help you manage data growth and smooth out capacity crunches. Alberto Cruz Natal, technical manager at Hunterdon Medical Center, moved the community hospital to a centralized storage architecture via a SAN and a high-end Shark array.

56 Decluttered Data. The demands of compliance and legal discovery drew the first adopters to object-based storage, yet companies with large stores of digital assets are now reaping the benefits, too.

58 Watchful Eye. Storage resource management offers a single window into the storage network, making it possible to measure the performance of any piece of equipment.

tools tag data prior to backup and use a policy engine to determine how to store it based on its importance to the business, freeing up primary storage.

trol over all the mobile data storage devices inside your company. What you need to do is get control

Hall.

Microsoft to Help Nigeria Fight Crime

Microsoft Corp. has signed an agreement with the Nigerian government to help its law enforcement agencies break up crime rings that use the Internet for fraud and theft. Microsoft will work with Nigeria’s Economic and Financial Crimes Commission, created two years ago to address Internet crime, money laundering and corruption.

Symantec Patches NetBackup Flaw

Symantec Corp. has patched a critical vulnerability in its Veritas NetBackup software that could be used to seize control of an unpatched system. A bug in the Java authentication service could be exploited using specially crafted commands. The bug was disclosed by A.D. Consulting Ltd.’s French Security Incident Response Team.

HP Recalls 135,000 Defective Batteries

Hewlett-Packard Co. has recalled about 135,000 lithium-ion rechargeable battery packs after several melted or charred laptop casings. The battery, made by a third-party vendor that HP wouldn’t identify, is used in the HP Pavilion, Compaq Presario, HP Compaq and Compaq Evo laptops. HP received 16 reports of batteries overheating.

Palm, RIM to Jointly Release New Device

Palm Inc. and Research In Motion Ltd. plan to announce today the BlackBerry Connect for Palm Treo 650. The jointly developed handheld system will ship in early 2006. The device, which will run the Palm Garnet operating system, will push e-mail and calendar functions to BlackBerry users. The new system also gives IT shops the option of offering users Treo devices instead of BlackBerries.


VMware Upgrade Will Double CPU Support, Automate Tasks

Dynamic reallocation, load balancing on tap for server virtualization software

BY PATRICK THIBODEAU

VMWARE INC. plans to release new versions of its flagship server virtualization products in next year’s first quarter, doubling the number of processors supported by its ESX Server software to four and adding a set of automation features.

The upgraded releases of ESX Server and VMware’s VirtualCenter software, which are typically purchased together, are scheduled to be detailed this week at VMware’s user conference in Las Vegas.

Brian Byun, vice president of products at the Palo Alto, Calif.-based subsidiary of EMC Corp., said last week that the new software will be able to monitor physical servers and automatically reallocate virtual machines to other systems in the event of any failures. That function, called the Distributed Availability Service, is designed to ensure that applications can continue to run without intervention by systems administrators.

Also included is a feature called Distributed Resource Scheduling, which is intended to improve system utilization by continuously balancing workloads, Byun said.

The upcoming ESX Server 3 and VirtualCenter 2 releases are in limited testing now and should be ready for wider beta tests later this year.

Virtual Opportunities

The four-way processor support and a planned increase in memory capacity to 16GB, up from 3.5GB, may allow some users to move resource-intensive applications to virtual machines.

That’s something Doug Baer, a systems engineer at Desert Schools Federal Credit Union in Phoenix, is thinking about. Baer manages 152 physical servers, mostly dual-processor x86 machines, and he has virtualized many of his systems, which support about 2,000 end users. With the increased processor support in ESX, it may be possible to move the credit union’s SQL Server database to a virtualized environment, Baer said.

Virtualizing SQL Server would also enable him to use the automated fail-over capabilities in VMware’s new releases. “It will probably give us better disaster recovery for our SQL Server,” Baer said. “With VMware, it’s pretty much a file copy for disaster recovery versus having to rebuild a machine.”

Increasing the support in ESX to four virtual CPUs “is a big deal for VMware customers that have reached the end of scalability on their current product,” said Dan Kusnetzky, an analyst at IDC. He noted that although some virtualization vendors can support up to 16 processors, “very few applications would need more than two to four processors” at this point.

Jonathan Eunice, an analyst at Illuminata Inc. in Nashua, N.H., called the planned releases “a strong upgrade.” Microsoft Corp. and the developers of the open-source Xen software are each trying to commoditize basic virtualization capabilities, he said. But “that’s something they can only do over time, not immediately,” he added. “VMware remains well in the lead.” QuickLink 57544

VMware’s Plans

WHAT’S COMING: ESX Server 3 virtualization software, VirtualCenter 2 tools for managing virtual machine infrastructures.

DELIVERY SCHEDULE: A public beta is due later this year. A commercial release is expected to be ready in Q1 of 2006.

PRICING: Not finalized. ESX and VirtualCenter now start at $5,000; existing users on maintenance contracts can get new releases at no extra cost.

Novell, IBM Take New Tack On Blade-Server OS Pricing

BY CAROL SLIWA

IBM BladeCenter users will get a new chassis-based subscription option that could save them money on their operating system costs, as long as they’re running Novell Inc.’s SUSE Linux Enterprise Server on all the blades in a chassis.

The two vendors last week jointly announced that a single SUSE Linux subscription priced at $2,792 will cover the maximum of 14 blade servers that can be configured in a single BladeCenter unit, regardless of the types and quantities of CPUs being used.

“I would love it if more vendors came out with that style of pricing,” said Randy Folmes, director of information services at Woodbine Entertainment Group in Toronto. “It’s a big job managing licensing at a time when we have 30-odd servers running different operating systems [and] different applications.”

Woodbine, which operates two horse-racing tracks in Ontario plus related businesses, has eight blades in its BladeCenter, running a mix of SUSE Linux 8, NetWare 5.1 and Windows 2000 Server. Folmes expects to fill the remaining six slots by the end of next year and is budgeting for a new BladeCenter in 2007. He said he’ll consider chassis-based subscription pricing for that unit, as Woodbine continues to move away from NetWare.

Added Flexibility

The chassis-based pricing gives BladeCenter users flexibility so they “can buy blades and stick them into the rack as they need them,” said Al Gillen, an analyst at IDC.

The $2,792 price for the chassis-based SUSE Linux subscription is exactly eight times the $349 cost of a subscription for a single server with up to two CPUs. That makes eight blades the breakeven point for customers opting for the new approach.

Scott Handy, vice president of worldwide Linux at IBM, noted that blades are often used for server consolidation and virtualization. He said that the single subscription fee will apply even if the 14 blades in a chassis are running dozens of SUSE Linux images.

“Once they license the chassis, they can deploy any number of instances of the operating system,” said Ed Anderson, vice president of global product marketing at Novell. He added that although Novell is adopting chassis-based pricing with IBM first, it has the right to strike similar deals with other blade vendors.

Hewlett-Packard Co. doesn’t offer per-chassis pricing on its blade units. But it does offer bundled licensing under one management registration key that covers 25 software components, including the operating system as well as provisioning and management tools, according to an HP spokeswoman. QuickLink 57540

Cisco Offers New Devices to Boost Performance of Apps

Vendor adds acceleration appliances for data center, branch-office systems

BY MATT HAMBLEN

CISCO SYSTEMS INC. last week announced two sets of appliances that are designed to improve application performance on data center systems as well as ones used in corporate branch offices.

The new products include the Application Velocity System (AVS), a line of application acceleration, security and monitoring appliances for the data center that combines Cisco-developed hardware with software the company obtained in its June acquisition of FineGround Networks Inc.

Cisco announced two AVS models. The vendor said the 3120 lets remote users access Web-based applications at response times similar to those of LANs, while the 3180 monitors and reports on response times networkwide.

For branch offices, Cisco introduced three appliances that it calls Wide-Area Application Engines (WAE). The company said the devices will let companies maintain LAN-like access to applications while consolidating distributed systems into central data centers to reduce management costs.

Streamlining Traffic

Hy-Vee Inc. has used FineGround’s Condenser software, which is now part of AVS, for three years to cut overall frame-relay bandwidth usage by 40% for remote intranet users, said Brad Styve, a systems analyst at the 220-store supermarket chain in West Des Moines. “The amount of data going down the pipe is significantly reduced,” he said.

Condenser runs on a Linux server at Hy-Vee, but AVS will be sold as a stand-alone, integrated product. A Cisco spokesman said that will allow users to fully integrate the AVS technology with the vendor’s other products, including the WAE appliances.

Jay Mellman, director of product marketing for Cisco’s Application Oriented Networking product family, said the AVS devices drastically reduce “server chatter” by using modifications to conventional caching techniques to optimize data transfers.

TSI Inc., a maker of precision instruments in Shoreview, Minn., recently deployed three WAE appliances with Cisco’s Wide Area File Services technology at its operations in the U.K. In coming months, the company plans to expand by rolling out five more WAEs in Sweden, Germany and China, said IT director Philip St. Ores.

St. Ores said the main benefit of the WAEs is that they reduce the amount of IT equipment needed at remote locations, as well as support costs.

“The financial benefits are real in the form of reduction in servers, software licenses and support time,” he said, adding that TSI can now centralize its servers and eliminate domain controllers and redundant backup systems at the remote sites.

The market for application acceleration products is “expanding rapidly,” said Rob Whiteley, an analyst at Forrester Research Inc. He predicted that worldwide sales will total about $2 billion this year, with growth being fueled by Web applications and the need to use limited branch-office space more efficiently.

All of the new appliances are available now, Cisco said. The WAE devices are also being offered as a module for use with Cisco’s family of integrated services routers. QuickLink 57543

MORE THIS ISSUE: F5 Networks adds an application-layer firewall to its Big-IP appliances. Page 24

Software Drivers

AVS:

■ Can be used with any data center applications based on HTML or XML.
■ Offloads specific server processes and minimizes the overhead needed to render application pages.
■ Includes a firewall to help users identify and block application-layer security threats.
■ Pricing starts at $34,995 for the AVS 3120; $14,995 for the 3180.

WAE (below):

■ Complies with network policies on traffic prioritization, quality-of-service and security.
■ Includes caching and application protocol optimization capabilities.
■ Pricing starts at $5,500.

Executive Defends Cisco’s Handling of Black Hat Dispute

BY MATT HAMBLEN
SAN JOSE

At the Black Hat USA conference in July, Cisco Systems Inc. and Atlanta-based Internet Security Systems Inc. tried to stop security researcher Michael Lynn, until then an ISS employee, from giving a scheduled talk about a flaw in Cisco’s router software. The companies also prodded Black Hat’s organizers to remove Lynn’s slides from the conference proceedings, and they secured a court injunction preventing him from further spreading information about exploiting the flaw. Jeff Platon, vice president of product marketing for security and application networking technology at Cisco, spoke last week with Computerworld about Cisco’s handling of the Black Hat dispute, among other topics.

Has Cisco’s reputation been helped or hurt by the events at Black Hat?
We remain vigilant in trying to protect our intellectual property and fulfilling our obligations around full and prompt disclosure of vulnerabilities and solutions that customers need to resolve any potential risks they have with [a] vulnerability.

So a great example was this issue with Michael Lynn. This was a previously disclosed vulnerability with patches already out. What was inappropriate with that issue was the perspective of that individual. It would be akin to [saying], “Here’s an atomic bomb diagram, and I’m going to show you some shortcuts on how to build one in your kitchen.” That was really what he did. And it was inappropriate and bordering on the criminal, which is why law enforcement got involved. Those are criminal acts, to exploit vulnerabilities with the intent to harm.

So I would summarize by saying we remain vigilant in fulfilling our obligations to customers to ensure that they have the highest reliability of network-connected systems possible.

But do you think that Cisco’s image was enhanced or not as a result of your handling of the Lynn presentation?
I think we were consistent in terms of the proactive nature of early disclosure and going out to customers and helping them with methods to mitigate the liability.

Still, there were news reports that Cisco had told people to rip the pages out of Lynn’s Black Hat presentation, among other things. Have you heard any backlash from customers?
We’ve had no negative comments from customers. I believe customers continue to trust us to do the right thing. What happened, it is what it is. Were there other ways it could have been handled? Certainly. But it is what it is, and we were trying to fulfill our obligations.

What if something like this happened again at next year’s Black Hat conference, or elsewhere? Have you put anything in place to change how you’d react?
Yes, we have a better process in place than we had before.

Different lawyers?
We have the same people involved. It wasn’t so much about our lawyers. It was the [public] perception. We have a better methodology to handle that. The methods may change slightly.

You mentioned that many of Cisco’s large customers had made the fix to the router software before the Black Hat incident. Are there any contractual terms that require users to install the patches you give them?
No, I think it’s a “trusted adviser” status, where they trust us to recommend good, proper configurations. [But] when we make a strong recommendation, it’s really not like you have a choice. You do really need to make this change. QuickLink 57517

Microsoft Adds Portal to Navision

Microsoft Corp. has released a service pack for Navision that includes a new portal to the suite of business management software. Service Pack 1 for Navision 4.0 adds the Navision Employee Portal, built from the integration of Navision and Windows SharePoint Services and SharePoint Portal Server. The package also improves integration with Microsoft Office and Microsoft SQL Server.

AMD Posts Positive Financial Results

Taking advantage of its technical lead over rival Intel Corp. in dual-core server processor development, Advanced Micro Devices Inc. reported better than expected third-quarter results.

Google Plugs Search Engine Hole

Google Inc. fixed a security vulnerability on its search-engine Web site within days of being told about it by Finjan Software Inc. The security vendor’s Malicious Code Research Center told Google of a cross-site scripting vulnerability that could have allowed a remote attacker to take over Google accounts or deceive users into revealing personal information.

BEA Agrees to Buy RFID Tool Maker

BEA Systems Inc. has agreed to purchase privately held ConnecTerra Inc. The Cambridge, Mass.-based RFID middleware vendor makes infrastructure software for collecting data from RFID devices and distributing it for use in applications. The software treats RFID data as an asset to be incorporated into applications and business processes. Terms of the deal weren’t disclosed.

Fuel Crunch Puts Budget Brakes . . .

. . . on local travel while pushing pedal to the metal on Web conferencing. Genesys Conferencing Inc. in Reston, Va., polled about 6,000 of its 50,000 North American users and discovered a new reason why traffic on its Web- and audio-conferencing system has skyrocketed 40% in the past 12 months: the price of gasoline. Peaking petrol prices have pushed people out of their cars and in front of their PCs when they need to meet, said Denise Persson, executive vice president of marketing at Genesys. “Before, Web conferencing has been seen as a lower-cost alternative to air travel, but now it’s also cross-town travel,” she observes. Persson says 25% of those surveyed by Genesys last month predicted that they’ll further increase their use of Web conferencing in lieu of driving to local meetings. The vast majority of those virtual get-togethers will be for intracompany confabs, Persson adds.

Fred Amoroso, CEO of Macrovision Corp. in Santa Clara, Calif., agrees that the rise in energy costs is having an effect on the IT industry. But the news isn’t all good, he says, pointing to a study by Morgan Stanley revealing that corporate CIOs have cut IT spending growth projections for this year from an average 4.3% increase in January to 3.3% as of August. Amoroso, who spoke at the SoftSummit 2005 conference in Santa Clara last week, notes that the study blames ballooning fuel costs for the, er, shrinking growth.

Packaged software is getting whacked . . .

. . . by a shift inside IT to develop apps internally. That’s the conclusion drawn by Ken Berryman, a consultant at McKinsey & Co. who also spoke at SoftSummit 2005. According to Berryman, New York-based McKinsey in 1998 estimated that 31% of business applications were internally developed. By 2003, that percentage had jumped to 42%, while packaged apps fell from 32% of the mix to 28%, he says. Berryman says he expects the trend to continue because there is now “a much more standard software stack” for IT, including everything from middleware to network protocols. Plus, he says, development tools are improving.

Keep tabs on changes to open-source . . .

. . . technologies used in your app-dev process. Marina del Rey, Calif.-based start-up Mergere Inc. makes its product debut this week with Maven 2.0, a commercial version of Maven open-source software. According to CEO Winston Damarillo, Maven checks which open-source code is used in your applications, determines whether it has changed and shows the dependencies between your programs and their open-source components. Maven 2.0 adds features such as the Policy Injector tool, which lets IT managers define and enforce open-source development policies. For example, you may want to use only open-source code covered by a particular license and Maven 2.0 can make sure that’s the case. Annual subscription pricing for Maven 2.0 starts at $25,000 per development project.

[Image caption: Open-source projects tracked by Maven.]

Overcome the overload of information . . .

. . . generated by systems data. Andrew Lark, chief marketing officer at LogLogic Inc. in San Jose, claims that a big corporate data center can annually spew out up to 43TB of log-file data from servers, routers, firewalls and other devices. Lark says those logs contain clues to solving many IT problems. But who wants to manually pore over those files? Not you, he’s betting. His company’s appliances, running a new LogLogic 3.1 software release, can collect 50,000 log messages per second, index the data and store up to 24TB, which you can search at your leisure. Speaking of information overload, Lark says that with Version 3.1, you can create up to 13,000 custom reports to impress your boss. The upgrade also includes an Open Log Routing feature, which lets log data be viewed via other management consoles. LogLogic 3.1 ships this week; the appliances start at $75,000.

Off-load the desktop processing of . . .

. . . your InCopy and InDesign files. Late this fall, Adobe Systems Inc. plans to ship its InDesign Server CS2 software. According to Kiyo Toma, a product manager at San Jose-based Adobe, the new software will handle the complex file check-in synchronization process required by Adobe’s publishing suite, improving performance for end users who now have to wait while their PCs do the work. Toma also claims that the server will give users continuous uptime of 30 days. That might not sound impressive to data center managers, he admits. But it should impress the publishing world, where five days without a server reboot is almost magical. InDesign Server CS2 runs on Windows and Macintosh servers. Pricing wasn’t revealed. QuickLink 57495


Irish Agency Halts Work on Two SAP Application Projects


Troubled health department payroll system nearly $170 million over budget

BY MARC L. SONGINI

The halting of two controversial SAP AG ERP system rollouts — valued at more than $380 million — this month has ignited a political firestorm in Ireland.

The Irish Health Service Executive (HSE), an oversight committee for the national health department, suspended work on the Personnel, Payroll and Related Systems (PPARS) project, which was started 10 years ago to handle payroll functions for the unit’s 120,000 employees.

Work on the project was halted Oct. 6 after numerous problems were found in the first four regional installations in operations that together employ 37,000 department workers.

The committee also ceased work on another, unrelated health department project, the Financial Information Systems Project (FISP).

The government hired New York-based consulting firm Deloitte & Touche LLP to implement both systems, which are based on SAP’s R/3 ERP software.

A Textbook Example

Critics in Parliament and elsewhere have called both projects examples of mismanagement and waste. “It’s like a case study in how not to run a project,” said a spokesman for Enda Kenny, the leader of Irish opposition party Fine Gael. “It’s appalling stuff.”

Officials have described the PPARS application, which was further along than FISP, as the most complex human resources, time management and payroll system ever implemented in Ireland. After being launched around 1995, the project was budgeted at $10.7 million and was expected to take three years. After 10 years, the expected price tag has rocketed to $180 million.

For this price, Kenny said earlier this month, the agency could have built a “brand new 600-bed hospital.” He said the system has made widespread payroll errors — for example, one staffer was accidentally paid $1.2 million. The major pilot site for the program — St. James Hospital in Dublin — also has had numerous payroll problems caused by the software, he said.

Faced with such opposition and problems, the HSE decided to halt work on the PPARS project until it is assured that any future investments will result in a system that works as advertised.

The FISP project aimed to build a single financial and materials management system that supports current best practices. The system, expected to cost about $203 million, would replace a mishmash of legacy systems and processes. About $36 million has been spent so far on the project, which is considered on time and on budget. “Nevertheless, it is important that the HSE is completely satisfied that all such systems are adequate to its future needs,” said a spokeswoman for the HSE.

The committee has yet to complete its evaluation and determine the precise cause of the problems with the PPARS application. However, it has been suggested that the complexity of the project — and of the system it was replacing — was a definite factor.

In a statement issued earlier this month, Irish Minister of Health Mary Harney, to whom HSE reports, said her agency hadn’t realized the complexity of the older payroll system, which included “over 2,500 variations in payment arrangements across the entire health system,” until the PPARS project was well under way.

“The extent of the incoherence was not known before PPARS implementation work commenced,” she said.

For its part, SAP wouldn’t comment directly on the project but said in a statement that “the HSE is a highly valued customer of SAP Ireland.” A spokesman for Deloitte’s Irish branch declined to comment on the projects. © 57533

READ MORE ONLINE

St. James Hospital in Dublin, a PPARS pilot site, wants to abandon the payroll system:

QuickLink 57532

www.computerworld.com


Defense Logistics Unit Has Weak Security, GAO Says

Cites inadequate training, lack of system testing

BY LINDA ROSENCRANCE

The Defense Logistics Agency isn’t fully protecting its information systems, according to a report released last week by the Government Accountability Office.

The DLA is responsible for providing goods such as food, fuel, medical supplies and spare parts for weapon systems to the U.S. Department of Defense. In its report, the GAO said the logistics agency has made some progress in implementing key elements of its information security program but needs to do more.

The report credited the DLA for establishing a central security management group and appointing a senior information security officer. But the GAO said the agency has failed to consistently assess the security risks that could result from unauthorized access to its systems and the improper use, disclosure or destruction of data.

In addition, employees responsible for the DLA’s information security program haven’t received enough training; annual security testing and evaluation of management and operational controls haven’t been done; and plans to mitigate known IT deficiencies haven’t been completed, according to the GAO.

Until the DLA addresses the security management and oversight weaknesses and implements an effective agencywide IT security program, it may not be able to protect the confidentiality, integrity and availability of its systems and data.

Recommendations Made

The GAO, which completed a 10-month audit of DLA facilities in July, outlined 10 steps that the agency should take to improve its security practices and controls.

The recommendations include a call for the DLA to ensure that workers who are involved in IT security get adequate training and that the training program be monitored by agency officials and updated as needed.

In a written response to the GAO, Paul Brinkley, deputy undersecretary of defense for business transformation, agreed with most of the recommendations and said the DLA is working to address them. For example, Brinkley wrote that the DLA plans to distribute a Defense Department manual with detailed guidance on security training.

However, Defense Department officials disagreed with three of the recommendations, including the need to annually test the effectiveness of security controls for all systems. Brinkley said that doing so would amount to annual recertification and is neither practical nor cost-effective.

The GAO countered that it doesn’t expect the DLA to test all of its information-assurance controls annually. But it said that it does want to ensure that the testing efforts include management, operational and technical controls for every system in the agency’s inventory, as required by the Federal Information Systems Management Act. © 57511

EXCERPT

The responsibilities of key information security employees were not consistently understood or communicated, and [the] DLA has not maintained the accuracy or completeness of the data contained in its central management database.

■ FROM THE GAO’S REPORT ON THE IT SECURITY PROGRAM AT THE DEFENSE LOGISTICS AGENCY


More Companies Tap IT for Sarbanes-Oxley

Tools can automate controls, processes


BY THOMAS HOFFMAN

Companies are increasingly turning to technology in their Sarbanes-Oxley Act compliance efforts in order to automate internal controls or streamline their activities, according to new research and interviews last week with corporate executives.

Three of four U.S.-based multinationals will be making extensive use of IT in Sarbanes-Oxley compliance projects this year, according to a survey of 131 corporations by PricewaterhouseCoopers that was released last week.

On the other hand, one-fifth of the companies expect to make no significant technology changes in efforts to comply with the legislation’s directives, according to the New York-based consulting firm.

FirstEnergy Corp. is one company that has utilized technology to seize upon the opportunities cited by PricewaterhouseCoopers.

Last June, the diversified energy company in Akron, Ohio, purchased compliance software from Certus Software Inc. in Cupertino, Calif., to help make its processes “more repeatable and less costly,” said Alan Michel, FirstEnergy manager of internal auditing.

FirstEnergy just this month finished rolling out the software to its internal auditors and expects by early 2006 to extend it to more than 250 users, he said.

Michel said that the combination of the technology and processes created by the company to address Sarbanes-Oxley requirements should lower the company’s compliance costs by 20% to 40%.

Last year, most of FirstEnergy’s compliance activities were handled manually using a hodgepodge of spreadsheets, Word, PowerPoint and Visio documents, he said.

‘Dramatic Decrease’

Michel said the Certus tool has already led to a “dramatic decrease” in the amount of time FirstEnergy’s staff needs to complete its quarterly compliance efforts.

Tempur-Pedic International Inc. began implementing compliance software from Irvine, Calif.-based Logical Apps Inc. last March “to help us become more [Sarbanes-Oxley]-compliant,” said Michael Smith, vice president of IT at the Lexington, Ky.-based maker of pillows and mattresses.

By implementing the compliance software, Smith said he hopes to automate as many IT controls as possible, “so we don’t have to fish through paperwork to demonstrate segregation of duties.” © 57519

IT and Sarb-Ox

Selected results of a survey of 131 CFOs and managing directors that was completed in July 2005:

75% of respondents expect to make significant IT investments for Sarbanes-Oxley compliance projects.

10% said a lack of technology has been a problem area in Sarbanes-Oxley compliance efforts.

40% said their IT organizations respond effectively to requests to find better ways to support compliance processes and the controls environment.

21% said their IT departments have been proactive in identifying ways to use technology for more-effective compliance.

SOURCE: PRICEWATERHOUSECOOPERS


Intel Unveils First Dual-Core Chips

Intel Corp. has unveiled its first dual-core Xeon chips for two- and four-processor servers. Developed under the code name Paxville, the new chips are said to be 50% more powerful than their single-core predecessors, and they cost about 40% more than those chips. The version for two-chip servers is available immediately at 2.8 GHz. Dual-core Xeon-based systems can now be ordered from Dell Inc., Hewlett-Packard Co. and IBM.

Second Beta of Firefox 1.5 Ships

The Mozilla Foundation announced that it has released a second beta version of the Firefox 1.5 Web browser in order to focus on tackling nagging security issues. The Beta 2 release comes just a month after Beta 1 shipped. Version 1.5 is Firefox’s first major update since the Web browser officially debuted last year.


IBM Brings Out Virtual Tape Library, SAN Controller

Linux system is the first in a series of library releases

BY LUCAS MEARIAN

IBM last week unveiled its first virtual tape library for open systems along with a major upgrade of its TotalStorage SAN Volume Controller (SVC) virtualization engine.

SVC Version 3.1, which pools storage resources from heterogeneous arrays behind an appliance, will support up to four times more servers — as many as 1,024 — than the current version and manage larger storage networks, IBM said.

The SVC upgrade, which ships on Nov. 18, will also let users choose among native copy functions, which allow communication with products of other vendors. The upgrade is priced from $43,000.

Dave Samic, senior network analyst at FirstMerit Bank NA in Akron, Ohio, a user of the current SVC version, said he expects the updated offering to let him expand the storage-area network at his operation. The FirstMerit SAN now runs up to 115 virtual servers supported by a single IBM FAStT700 midrange array behind the SVC appliance.

“We’re looking at growing this SAN. When you have servers scattered around the building, you add to administrative overhead. I’m excited to see a new major release like this,” Samic said.

Tony Prigmore, an analyst at Enterprise Strategy Group Inc. in Milford, Mass., added that IBM had little choice but to add the native copy capabilities, because users have been requesting it. “Now they can pass through the storage-array data protection and migration features [from other vendors],” he said.

IBM’s new Linux-based Virtualization Engine TS7510 is the first of what IBM says will be a series of virtual tape libraries.

The TS7510 combines hardware and software to provide tape virtualization for Unix- and Intel-based servers that connect to Fibre Channel storage systems. The rack-mounted Virtualization Engine server scales to 46TB.

Prigmore said that although IBM entered the virtual tape library fray after rivals EMC Corp. and Hewlett-Packard Co., the company can draw on its enormous server and storage installed base to sell the new product.

The TS7510 is priced from $175,000 and will be available on Oct. 28. © 57515

COMPARING TAPE LIBRARIES

Product                                                      Starting price   Max capacity   Number of virtual drives   Number of tape libraries it can emulate
IBM’s Virtualization Engine TS7510                           $175,000         46TB           512                        64
Hewlett-Packard’s StorageWorks 6510 Virtual Library System   $57,194          10TB           64                         16
EMC’s Clariion DL310 Disk Library                            $110,000         37TB*          512                        64

*Compressed


Mac and iPod Sales Set Apple Record

Apple Computer Inc.’s fiscal 2005 fourth quarter was the best operating period in the company's history - thanks to robust Macintosh and iPod sales, according to the company.

Citrix Adds 64-Bit Presentation Server

Fort Lauderdale, Fla.-based Citrix Systems Inc. announced that it has released a 64-bit version of its flagship product, which it says will enable users to significantly increase server workloads and reduce hardware needs. The Citrix Presentation Server 4.0 for Microsoft Windows Server 2003 x64 edition can be used to run 64- and 32-bit applications on a server.


Interex

Interex’s customer database and mailing list from Genisys Corp., a Redmond, Wash.-based seller of refurbished HP hardware. That offer has triggered a bidding process that has given other interested parties a chance to top Genisys’ offer. Higher bids of at least $16,500 must be submitted to Wu by Wednesday, the notice said.

The customer information collected by Interex “is valuable data,” said Donna Garverick, secretary of OpenMPE Inc., an HP e3000 user group that includes many former Interex members. She noted that the database likely includes details about the IT installations of Interex members.

Garverick said some of the Interex members she had heard from were trying to determine whether the user group’s bylaws prohibited the sale of the membership data. Renting the Interex mailing list was possible, she said, but there were controls on the data that could be released.

There are also concerns about what could happen to the information collected by Interex once it’s sold — such as whether it could be resold and used by other companies, Garverick added.

According to a cached version of the privacy-policy page from Interex’s now-shuttered Web site, members could limit the use of their e-mail addresses by third parties via an opt-out process. It also notes that names and mailing addresses could be provided to mailing services firms for use by “HP-centric” vendors (see box).

One former Interex member, who asked that his name not be used, said he’s upset that some of his personal information could be sold to Genisys or another bidder.

“I consider my e-mail address to be confidential,” the former member, who lives in New Mexico, wrote in an e-mail message. “There was a moral and ethical obligation [for Interex officials] to live up to their stated policy on collecting information on members — i.e., to not sell it or give it away. I understand the legal arguments that Interex no longer exists and that the court is in charge. But the court should respect that obligation.”

Chris Hoofnagle, senior counsel at the Electronic Privacy Information Center in Washington, said that if Interex’s privacy policy was silent on the issue of selling membership data, there may be nothing to stop the bankruptcy trustee from going ahead with the planned sale. He added that even in cases where policies bar sales of data, bankruptcy courts sometimes override the provisions.

A request to speak with Wu hadn’t been met as of press time. The notice about the planned sale said that if there is more than one bid for the database, an auction-style sale will be conducted by telephone on Thursday, starting at the highest submitted bid. O 57541

“Personal information submitted at the time of registration, subscription and/or membership renewal may be used by Interex for the marketing and promotion of Interex products. . . . In addition, your name and mailing address may be provided to a licensed and bonded third-party mail house for one-time use by carefully selected HP-centric partner companies.”

From a cached version of the privacy policy that had been posted on Interex’s Web site


University Turns to iSCSI to Boost Storage Without Breaking Budget

Says upgrading its Fibre Channel system would have been too costly, complex

BY LUCAS MEARIAN

Coppin State University in Baltimore early this year found itself facing a data explosion that had overwhelmed its two Fibre Channel storage arrays.

Thus the school’s IT operation was forced to find a way to supply users with an easy-to-manage online storage system that wouldn’t break the budget.

Once that search began, the IT group saw two possible solutions to fix the problem.

One option was to replace its two 3-year-old EMC high-end Symmetrix Fibre Channel storage arrays, which were plagued with problems due to incompatible switches, with new models that support far higher capacity. The second option was to use Internet SCSI technology to add a second storage-area network.

The school chose the latter option, and since implementing the SAN in June, Coppin’s IT staff has become convinced that IP storage is critical, citing its relatively low cost and ease of use.

The university bought iSCSI SAN technology for the new network in June from LeftHand Networks Inc. Officials found the $100,000 price a steal compared with the potential costs of upgrading its Fibre Channel infrastructure, said Mitch PreVatte, director of network services at Coppin.

PreVatte noted that he has extensive support costs for the Fibre Channel systems. For example, PreVatte said he is looking at a $57,000 bill from EMC for servicing Coppin’s SAN to fix problems that were caused by the lack of compatibility between switches from Brocade Communications Systems Inc. and McData Corp.

PreVatte said the switch problems stemmed from a recommendation from nPlusOne Inc., a services firm in Edinburgh, that Coppin shift its Fibre Channel switch suppliers from Brocade to McData, citing a need for the latter’s high-end technology. NPlusOne officials couldn’t be reached.

PreVatte also said that he has found the iSCSI technology far less complex than Fibre Channel.

“The iSCSI SAN was one of the smoothest installs I’ve ever done,” PreVatte said. “Fibre Channel, on the other hand, is a complex animal and requires a lot of specialized knowledge. Installing our Fibre Channel SAN was just a nightmare. We had tons of grief and in fact still have tons of grief.”

Market Growth

According to Gartner Inc., Coppin’s iSCSI decision is part of a trend. Based on a Gartner survey, the consulting firm projects that by 2006, iSCSI technology will connect almost 1.5 million servers to SANs, more than any competing system.

Gartner analyst James Opfer said iSCSI won’t replace Fibre Channel in the data center because of performance issues, but it will continue to grow substantially as a server consolidation technology, especially for low-end systems.

PreVatte said Coppin’s new iSCSI SAN was installed in time to support a special project the school rolled out in June called Tegrity Notes. The program allows students to capture class notes digitally and then let the notes reside with recordings of the class that feature audio, video and notes presented by the instructor. The information is accessible on the Internet.

Overall, the school requires ever-increasing amounts of storage to support 1,400 computers on its data network, 650 IP-enabled phones and a new PeopleSoft deployment that eats up 8.6TB of storage space on the two Symmetrix arrays, PreVatte said.

PreVatte said the older Symmetrix arrays will continue to run Coppin’s transactional databases that hold financial, human resources and student information, but there are no plans to add Fibre Channel capacity. Any new storage systems will be based on iSCSI technology, he said.

“I’ve had no problems with reliability of the EMC gear. Their storage has been extremely reliable,” PreVatte said. “But I’m also dependent on outside resources, because if something doesn’t do what it’s supposed to be doing, I need someone who can fix the problems.” © 57535


Corrections 

THE SIZE of the workforce at Allstate Insurance Co. and the number of employees who have access to voice-over-IP services were misstated in a Sept. 26 News story (“Converged Network, VoIP Projects Tax IT Managers”). Northbrook, Ill.-based Allstate said that information disclosed at a conference was wrong and that about 10,000 of its 70,000 workers are equipped for VoIP usage.

AN ITEM IN THE SECURITY LOG in last week’s Technology section (“Kaspersky Products Hit by Security Bug”) didn’t include comments from a statement issued by security software vendor Kaspersky Lab on Oct. 4. In the statement, Kaspersky confirmed the presence of a vulnerability in a module of its Kaspersky Anti-Virus tool but said it had added a package of signatures that detect possible exploits of the flaw to the software on Sept. 29. That significantly reduces the chances of successful exploits, the company said. The Security Log item also misidentified the location of Kaspersky’s headquarters; the company is based in Moscow.


MORE  ONLINE 

Visit  our  Storage  Knowledge 
Center  for  additional  news: 


COMPUTERWORLD  October  17, 2005 




An  International 

IT  News  Digest 


Flextronics  to  Add  2,000 
To  Its  Indian  Workforce 

SINGAPORE 

Flextronics Corp., which makes
printed  circuit  boards  and  other 
high-tech  products  on  a  contract 
basis,  plans  to  hire  about  2,000  more 
workers  in  India  by  the  time  it  starts 
production  at  a  planned  facility  in  the 
city  of  Chennai  next  June. 

The Singapore-based company
intends to invest $70 million
to $100 million in the
Chennai location over the
next three to five years,
according to Peter Tan,
president and managing
director of Flextronics’
Asian operations. The
facility will support the
manufacturing needs of
local as well as global
customers, Tan said last
week.

On  Oct.  6,  Flextronics  announced 
that  it  had  signed  an  agreement  with 
the  state  government  of  Tamil  Nadu  in 
southern  India  to  set  up  an  industrial 
park  in  Chennai,  the  state  capital. 

The  Flextronics  facility  will  offer 
services  such  as  plastic  injection  mold¬ 
ing,  circuit-board  assembly,  distribu¬ 
tion,  logistics  and  repair.  The  company 
said  the  park  will  also  include  facilities 
for  some  of  its  component  suppliers. 

Flextronics  currently  employs  5,000 
people  in  India  at  manufacturing  facili¬ 
ties  in  Bangalore  and  Pondicherry  and 
at  software  development  and  hardware 
design  centers  in  Bangalore,  Chennai 
and  Gurgaon. 

■ JOHN RIBEIRO, IDG NEWS SERVICE


GLOBAL  FACT 


Total  euros  spent  on  IT 
services  in  Europe, 
the  Middle  East  and 
Africa  last  year. 

Source:  Gartner  Inc. 


Australian  Conference 
Woos  IT  Execs  to  IPv6 

CANBERRA,  AUSTRALIA 

A conference on Internet Protocol
Version 6 (IPv6) being held
here in two weeks is aimed at
convincing IT managers that the
next-generation technology is ripe for
enterprise use and isn’t just for service
providers and research organizations.

Paul  Davis,  CEO  of  the  GrangeNet 
consortium,  which  built  Australia’s 
first  IPv6  network,  said  the  inaugural 
Australian  IPv6  Summit  is  “absolutely 
relevant” to corporate IT. The native
security features and large-numbering
scheme in IPv6 make it “a new way of
doing things” for IT operations, said
Davis, who is scheduled to speak at the
conference.

He  added  that  Australian  companies 
need  to  start  using  the  technology. 
“Everywhere  else  in  the  Asia-Pacific 
region,  there  is  extensive  IPv6  deploy¬ 
ment,  and  we  [risk  being]  left  behind,” 
Davis  said. 

Other  scheduled  speakers  at  the 
conference  include  Latif  Ladid,  chair¬ 
man  of  the  European  Commission  IPv6 
Task  Force;  Mark  Evans, 
from  the  U.S.  Navy’s  IPv6 
transition  project  office; 
and  Chris  Gunderson,  ex¬ 
ecutive  director  of  the 
World  Wide  Consortium 
for  the  Grid  in  Reston,  Va. 

The  two-day  summit, 
which  starts  Oct.  31,  is  be¬ 
ing  sponsored  by  the  In¬ 
ternet  Society  of  Australia 
and  the  Smart  Internet 
Technology  Cooperative  Research 
Centre  in  Eveleigh,  Australia. 

■  RODNEY  GEDDA,  COMPUTERWORLD  TODAY 

Intel  to  Refocus,  Expand 
German  Research  Lab 

BRAUNSCHWEIG,  GERMANY 

Intel Corp. last week said it plans
to  change  the  focus  of  work  done  at 
its  semiconductor  research  lab  here 
while  expanding  the  number  of  re¬ 
searchers  at  the  facility  by  50%. 

Intel’s  plan  calls  for  the  lab’s  engi¬ 
neering  team,  which  currently  designs 
chips  for  optical  networks,  to  shift  its 
primary  focus  over  the  next  few  weeks 
to  developing  chips  with  hundreds  of 
processing  cores,  said  Mike  Cato,  a 
spokesman  at  the  company’s  German 
headquarters  in  Feldkirchen.  At  the 
same  time,  the  research  staff  will  in¬ 
crease  from  100  to  150  people,  accord¬ 
ing  to  Cato. 

“We  aren’t  planning  to  discontinue 
our  optical  networking  development 
work  in  Braunschweig  entirely,”  Cato 
said.  “But  the  key  focus  will  be  devel¬ 
opment  of  many-core  chips.” 

The  facility  will  be  called  the  Ger¬ 
man  Microprocessor  Lab  and  used 
solely  for  pure  research,  not  actual 
product  development,  Cato  said.  He 
added  that  the  lab  could  expand  its  re¬ 
search  focus  over  the  next  few  years. 
“Give  us  six  months  to  a  year,  and  we’ll 
know  more  by  then,”  he  said. 

■  JOHN  BLAU,  IDG  NEWS  SERVICE 


Lufthansa  Teams  up  on 
Biometric  ID  System 

MUNICH 

At the interairport trade show
here  last  week,  German  airline 
Deutsche  Lufthansa  AG  demon¬ 
strated  a  biometric  system  for  con¬ 
firming  the  identities  of  passengers 
during  the  boarding  process. 

The  SecBoard  system  was  jointly  de¬ 
veloped  by  Frankfurt-based  Lufthansa 
Systems  Group  GmbH,  the  airline’s  IT 
services  arm,  and  Bundesdruckerei 
GmbH,  a  maker  of  security  products 
and systems in Berlin.

The system includes a registration
component,  where  the  fingerprints, 
photos  and  personal  information  of 
passengers  can  be  recorded,  digitized 
and  stored  on  a  smart  card  along  with 
a  serial  number.  Fingerprint  checks 
can  then  be  done  at  a  boarding  station 
located  between  check-in  counters  and 
airport  gates,  the  companies  said. 

■  JOHN  BLAU,  IDG  NEWS  SERVICE 


Symantec  Says  It’s 
Not  Suing  Microsoft 

SYMANTEC CORP. CEO John
Thompson last week downplayed
reports  that  the  security  software 
vendor  had  taken  steps  toward  initiat¬ 
ing  a  possible  antitrust  investigation 
into  Microsoft  Corp.’s  business  prac¬ 
tices  by  the  European  Commission. 

The  Dow  Jones  Newswire  had  re¬ 
ported  that  Cupertino,  Calif.-based 
Symantec  filed  an 
informal  complaint 
against  Microsoft 
with  the  EC. 

In  an  interview  af¬ 
ter  he  gave  a  speech 
at  The  Common¬ 
wealth  Club  of  Cali¬ 
fornia  in  San  Francis¬ 
co,  Thompson  con¬ 
firmed  that  Symantec  had  provided 
documents  to  the  EC,  but  he  dismissed 
the  talk  of  a  complaint  being  filed. 
“We’re  not  involved  in  any  investiga¬ 
tion,”  he  said.  “We  partner  with  Micro¬ 
soft.  We’re  not  trying  to  go  to  court 
with  Microsoft  by  any  stretch  of  the 
imagination.” 

During  his  speech,  Thompson  de¬ 
scribed  the  relationship  between  the 
two  companies  as  one  of  “mutual  de¬ 
pendency.”  He  said  that  although  Mi¬ 
crosoft’s  full-fledged  entry  into  the  se¬ 
curity  software  market  is  inevitable,  it 
isn’t  “a  preordained  success.”  ©  57476 
■  ROBERT  MCMILLAN,  IDG  NEWS  SERVICE 
Briefly Noted

Capgemini,  a  Paris-based  IT  con¬ 
sulting  firm,  has  fired  its  chief  oper¬ 
ating  officer  for  thinking  about  tak¬ 
ing  another  job.  COO  Pierre  Danon 
had  applied  for  -  but  failed  to  get  - 
a  job  as  the  head  of  hotel  chain 
Accor  SA,  also  based  in  Paris. 
Capgemini  said  it  has  no  plans  to 
replace  him  in  the  coming  months. 

■ PETER SAYER, IDG NEWS SERVICE


Tata  Consultancy  Services  Ltd., 
the  largest  outsourcing  firm  in  In¬ 
dia,  reported  large  year-over-year 
gains  in  its  results  for  the  second 
quarter,  which  ended  Sept.  30. 
Revenue  was  29.5  billion  rupees 
($670  million  U.S.),  up  21.4%  from 
24.3  billion  rupees  ($543  million) 
in  the  same  quarter  last  year.  The 
Mumbai-based  company’s  profits 
grew  by  15.5%  to  6.7  billion  rupees 
($150  million),  up  from  5.8  billion 
rupees  ($130  million). 

■ JOHN RIBEIRO, IDG NEWS SERVICE


Infosys  Technologies  Ltd.,  India’s 
second-largest  outsourcing  vendor, 
also  reported  robust  growth  in 
revenue  and  profits  for  the  three 
months  that  ended  Sept.  30.  The 
Bangalore-based  company’s  sec¬ 
ond-quarter  revenue  was  23.5  bil¬ 
lion  rupees  ($524  million),  up 
38.3%  from  the  year-earlier  level 
of  17  billion  rupees  ($379  million). 
Net  profit  rose  44.2%  to  6.2  billion 
rupees  ($138  million),  from  4.3  bil¬ 
lion  rupees  ($97  million). 

■ JOHN RIBEIRO, IDG NEWS SERVICE


Ford  of  Europe,  Ford  Motor  Co.’s 
European  arm,  has  rolled  out  a 
browser-based  electronics  parts 
catalog  called  FordEcat  that  was 
developed  internally  and  is  based 
on  software  from  Burlington, 
Mass.-based  Enigma  Inc.  Ford, 
which  previously  used  outside 
contractors  to  create  its  electronic 
catalog,  said  it  expects  the  new  ver¬ 
sion  to  cut  the  time  needed  to  dis¬ 
tribute  auto  parts  and  materials  to 
its  dealers  in  Europe  and  the  Middle 
East.  The  FordEcat  system  supports 
17  languages  and  can  be  accessed 
via  the  Web  or  on  a  CD-DVD. 

■ LINDA ROSENCRANCE
Equant Pushes to Win More Network Deals in U.S.


BY  MATT  HAMBLEN 

CAMBRIDGE,  MASS. 

In  August,  Barbara  Dalibard  was  named 
president  and  CEO  of  Amsterdam- 
based  network  operator  Equant  BV. 
Dalibard  is  also  an  executive 
vice  president  at  Paris-based 
France  Telecom  SA,  which 
bought  full  ownership  of  Equant 
in  May.  After  a  recent  technol¬ 
ogy  demonstration  at  a  facility 
owned  by  France  Telecom  here, 
Dalibard  spoke  with  Computer- 
world  about  the  company’s  ef¬ 
forts  to  use  Equant  to  become  a 
bigger  factor  in  the  U.S.  telecommunica¬ 
tions  market.  Excerpts  follow: 

What differentiates you from AT&T and all
the other network carriers? One of the
main differentiators we have is global
reach.  We’re  everywhere  in  the  world, 
even  in  places  others  don’t  want  to  go. 
Second,  innovations.  We  really  want  to 
be  on  the  leading  edge,  ahead  of  the 
pack,  working  with  customers  to  in¬ 
vent  new  kinds  of  innovations.  When 
you  look  at  the  amount  of  money  spent 
on  research  at  France  Telecom,  we’re 
ahead  of  nearly  any  telco  worldwide. 


You  said  that  your  research  investment  will 
double  to  2%  of  expenses  in  the  next  year. 
But  isn’t  2%  low  when  compared  with  what 
software  vendors  spend?  We  don’t  think 
the  same  way  as  a  software  company, 
perhaps.  A  lot  of  our  expenses 
are  related  to  operating  a  net¬ 
work.  We’re  ahead  of  the  other 
operators. 


How  important  is  the  U.S.  market  to 
you?  Very  important.  We  have 
already  been  working  with  a  lot 
of  American  companies  and 
have  top  [executives  at  mobile 
network  unit  Orange  SA]  and  Equant 
who  are  Americans.  But  it’s  a  tough 
market  for  us,  as  it  is  for  most  Euro¬ 
pean  companies.  To  take  the  example 
of  the  enterprise  market,  we  don’t  plan 
to  do  everything  by  ourselves.  We’re 
buying  services  from  SBC,  AT&T  and 
Verizon,  depending  on  our  customers’ 
locations.  We  cannot  be  everywhere. 

Do you need to have the best price in
competitive bids to win contracts? Price is
related to quality. We aren’t aiming at
being the cheapest-value-quality guy. We
want to provide the best price for the
highest quality. We manage complexity.
It’s not just a basic network link
between two locations.

The North American market has
been very, very competitive. Obviously,
we have some competitors who buy
[market] share by underpricing. But
our customers want to have a reliable
network services partner. If in five
years the carrier dies because of
underpricing, that’s not good. © 57358


Outsourcing Group Pitches Ethics,
Contract Management Standards


BY PATRICK THIBODEAU

The International Association of
Outsourcing Professionals (IAOP) has
released a code of ethics and a set of
business-practice standards that are
designed to help companies improve
their processes for awarding and
managing outsourcing contracts.

The standards apply to IT deals as
well as other forms of outsourcing.
One of the people involved in the
effort was Cynthia Kearney, vice
president of global pharmaceutical R&D
sourcing and supplier management at
Johnson & Johnson Pharmaceutical
Research & Development LLC in
Raritan, N.J. Kearney said the guidelines,
which were issued Sept. 26, will give
the parties in an outsourcing
agreement a common business framework.

“I think it’s a value-add when you
have governance upfront,” she said.
“There is efficiency associated with
that — the fragmentation isn’t there,
[and] there aren’t disconnects,
because there are already some
principles established to how you conduct
yourself in dealing with third parties.”

The standards are general but weigh
heavily in favor of disclosure, candor
and the use of objective metrics that
are agreed on by both sides.

For instance, the IAOP is asking
users and vendors “to accurately
represent the extent of executive support
for an outsourcing relationship.”

The Lagrangeville, N.Y.-based
organization also is calling on companies to
invest at least 40 hours annually in
training and professional development
activities for each employee involved
in managing outsourcing contracts.

Mike Corbett, executive director of
the IAOP, said the group hopes the
standards will help outsourcing
relationships succeed, partly by making
management practices more consistent
from company to company.

Kearney said she plans to form a
committee at Johnson & Johnson to
review the suggested standards and
ethical practices and incorporate in the
company’s business procedures any
that aren’t yet in place. © 57421
Full CA Turnaround Could Take
Three  More  Years,  Swainson  Says 


Repairing  relationships,  changing 
culture  is  ‘not  an  overnight  transition’ 


BY  CRAIG  STEDMAN 

FRAMINGHAM, MASS.

John  Swainson,  president  and 
CEO  of  Computer  Associates 
International  Inc.,  is  approach¬ 
ing  the  one-year  anniversary  of 
his  hiring  as  the  company’s  top 
executive  last  November.  At  a 
CA  facility  here  last  week, 
Swainson  spoke  with  reporters 
and  editors  from  International 
Data  Group  Inc.,  Computer- 
world’s  parent  company.  The 
main  topic  was  the  status  of  his 
efforts  to  revamp  the  software 
vendor,  which  was  wracked  by 
an  accounting  scandal,  govern¬ 
ment  investigations,  weak  rev¬ 
enue  growth  and  the  ouster  of 
former  CEO  Sanjay  Kumar  be¬ 
fore  Swainson’s  arrival. 

Where  do  things  stand  at  CA  as 
your  first  year  at  the  company 
comes  to  an  end?  I  think  it’s 
been  an  interesting  year  for 
the  company.  It’s  certainly 
been  an  interesting  year  for 
me.  We  feel  pretty  good  about 
where  we  are.  But  it’s 
not  an  overnight  tran¬ 
sition,  by  any  means. 

The  timeline  I  now 
recognize  is  about  a  four-year 
timeline,  and  I  really  couldn’t 
have  that  degree  of  clarity 
when  I  started.  There’s  a  good 
reason  why  you  go  into  these 
things  a  little  naive  (laughs). 

You  said  you’ve  replaced  half  of 
CA’s  senior  executives  with  out¬ 
siders,  streamlined  the  company’s 
product  strategy,  reorganized 
around  new  business  units  and 
made  changes  to  the  sales  force. 
What  still  needs  to  be  done?  The 
first  phase  was  to  fix  the  prob¬ 
lems.  The  second  phase  that 
we’re  in  now  is  to  set  the  stage 
for  stronger  growth.  Our  IT 
environment  was  particularly 
weak,  which  was  frankly  a  big 
surprise  coming  in  here.  I  ex¬ 
pected  that  CA  as  an  IT  ven¬ 
dor  would  have  robust  sys¬ 
tems,  and  we  didn't  and  we 


still  don’t.  The  mechanics  of 
installing  our  new  SAP  system 
and  a  lot  of  [the  other  internal 
changes]  will  be  done  in  the 
next  12  to  18  months.  The 
changing  of  CA’s  culture, 
which  to  some  extent  is  first 
about  customer  relationships 
—  those  are  the  long-term 
things. 

You  announced  the  SAP  project 
last  December.  Where  does  it 
stand  now?  We  are  going  to  do 
a  wholesale  [ERP  system]  re¬ 
placement,  which  most  people 
don’t  do.  And  we’re  going  to 
do  it  in  less  than  three  years. 
We’ll  run  our  old  and  new  sys¬ 
tems  in  parallel  over  the  last 
two  quarters  of  our  fiscal  year 
in  North  America,  and  then  do 
the  same  thing  in  Europe. 

Have  there  been  any  big  pain 
points  yet?  Nothing  that  a  ma¬ 
jor  amount  of  money  can’t 
help.  It  is  an  astonishingly  ex¬ 
pensive  process.  No  one  in 
their  right  mind  does 
this.  You  do  this  when 
you’re  desperate,  and 
we  were  desperate. 
There  was  no  single  source  of 
data  for  anything.  And  in  fact, 
much  of  the  discussion  in 
meetings  went  around  whose 
data  was  more  right  or  less 
wrong.  The  weak  systems  also 
got  called  out  in  the  deferred- 
prosecution  deal  [that  CA 
signed  with  the  federal  gov¬ 
ernment  in  September  2004] 
as  one  of  the  things  that  con¬ 
tributed  to  the  problems  in  the 
company.  The  systems  were  so 
loose  that  it  allowed  bad  guys 
to  get  in  there  and  do  things 
they  shouldn’t  have. 

Sanjay  Kumar’s  trial  on  charges 
of accounting fraud is coming up.
Do you expect any fallout from
that?  The  trial  starts  in  April, 
and  we  expect  more  activity 
around  it  to  start  in  March. 
There’s  not  much  we  can  do  at 
this  point.  All  we  can  do  is  tell 
our  story  and  make  sure  peo¬ 
ple  recognize  that  these  things 
are  part  of  the  past.  It’s  certain¬ 
ly  part  of  the  history  of  CA,  but 
it’s  not  part  of  the  future. 

You  said  repairing  customer  rela¬ 
tionships  was  part  of  the  long¬ 
term  process  for  fixing  CA.  So  that 
isn’t  where  you  want  to  see  it? 

Very  much  so.  I  hope  we’ve 
moved  people  from  a  position 
of  outright  hostility  to  a  posi¬ 
tion  of  skepticism  —  perhaps 
neutral  skepticism.  We  have  to 
demonstrate  by  what  we  do, 
not  just  what  we  say,  that 
we’re  a  partner  worthy  of  do¬ 
ing  business  with,  and  that’s 
going  to  take  some  time.  Our 
intent  is  to  get  our  customer- 
satisfaction  ratings  on  our  in¬ 
ternal  surveys  up  to  above 
80%,  from  somewhere  below 
70%  now.  Best  of  class  is 
somewhere  between  80%  and 
90%,  and  we  have  some  work 
to  do  to  get  there. 


It  isn’t  just  a  matter  of  you  and 
other  executives  meeting  with 
customers?  It’s  hardly  at  all 
about  us  doing  that.  Me  going 
out  and  saying  we’re  going  to 
be  a  good  partner  is  interest¬ 
ing,  but  it’s  really  how  our 
[sales]  team  follows  up  and 
how  we  act  in  the  marketplace 
that’s  important. 

One  of  the  things  that  Kumar  did 
get  credit  for  from  IT  managers 
when  he  was  CEO  was  improving 
relations  with  users.  Was  that 
overstated?  Sanjay  did  identify 
that  there  was  a  problem  with 
what  I’d  call  the  confronta¬ 
tional  model  of  dealing  with 
customers.  The  company 
made  some  progress  on  that 
but  then  became  so  self- 
absorbed  with  some  of  the  [in¬ 
ternal]  problems  that  it  be¬ 
came  ineffective.  Frankly,  a  lot 
of  that  momentum  was  lost. 

What’s  happening  in  your  sales 
force?  Your  first  quarter  was  pret¬ 
ty  turbulent  in  terms  of  turnover 
there.  It  was,  but  I  think  we’re 
through  some  of  the  turbu¬ 
lence.  On  an  annualized  basis, 
we  had  about  20%  turnover, 
which  is  high  but  not  exces¬ 
sive  for  software  companies. 
You  typically  have  12%  to  20% 
turnover,  so  we  were  on  the 
high  end  of  the  range  —  high¬ 
er  than  I’d  like  to  see  it,  but 
not  crazy.  I  think  we’ve  made 
good  strides  in  transforming 
the  sales  organization.  The  old 
joke  used  to  be  that  you’d  nev¬ 
er  see  a  CA  salesperson  until 
three  months  before  your  con¬ 
tract  was  up  for  renewal,  and 
then  he’d  show  up  with  his 
hand  out. 

CA  has  started  to  make  acquisi¬ 
tions  again,  buying  vendors  like 
Niku,  Netegrity  and  Concord  Com¬ 
munications.  Does  your  acquisi¬ 
tion  strategy  differ  from  the  ap¬ 
proach  CA  took  in  the  past?  I 
think  it’s  very  different.  CA  in 
the  past  made  opportunistic 
software  acquisitions,  and  it 
didn’t  really  seem  to  matter 
what  part  of  the  business  they 
were  in.  To  a  certain  extent,  it 
was  a  random  walk  through 
the  software  industry  because 
it  was  more  focused  on  finan¬ 
cial  aspects  than  on  technol¬ 
ogy  or  business  aspects.  I 


think  that  strategy  served  CA 
well  for  a  period  of  time,  but  it 
ran  out  of  gas  in  the  mid  ’90s. 
All  of  the  acquisitions  you’ve 
seen  us  make  [in  the  past 
year],  or  will  see  us  make,  are 
designed  to  expand  our  prod¬ 
uct  portfolio  or  fill  a  niche 
that  we  haven’t  focused  on. 

Is  it  likely  that  you’ll  buy  more 
companies  in  the  near  future? 

Yeah.  You  saw  us  do  seven 
acquisitions  [in  the]  last  year, 
three  of  them  major.  That 
probably  is  a  little  ahead  of 
where  I  expect  to  be  a  year 
from  now  in  terms  of  the  rate. 

I  don’t  expect  to  do  $1  billion 
worth  of  acquisitions  in  the 
next  12  months,  but  I  wouldn’t 
be  surprised  to  see  us  do 
$500  million  to  $600  million 
worth.  In  the  short  term,  you 
get  the  biggest  bang  for  the 
buck  [in  revenue  growth]  from 
acquisitions. 

CA  went  back  and  forth  on  holding 
a  CA  World  conference  this  year. 

Do  you  think  attendance  at  next 
month’s  event  will  be  lower  as  a 
result?  We  made  a  lot  of 
changes  to  CA  World  —  we 
changed  the  time  it’s  taking 
place,  we  changed  the  struc¬ 
ture  and  we  made  it  a  fee- 
based  conference.  I  do  think 
attendance  will  be  lower  rela¬ 
tive  to  previous  years,  maybe 
50%  lower.  I  hope  we  can  at¬ 
tract  more  attention  to  it  [in 
the  future].  But  I  think  it’s 
probably  a  good  thing  for  now 
to  have  it  smaller  and  more  fo¬ 
cused.  It  gives  me  a  chance  to 
speak  to  an  audience  in  a 
more  focused  way. 

In  terms  of  changing  the  culture  at 
CA,  can’t  you  just  say  what  the 
new  culture  is,  and  that’s  that? 

Cultures  build  as  much  from 
the  bottom  up  as  they  do  from 
the  top  down.  CA  has  a  cul¬ 
ture  today,  but  it’s  not  some¬ 
thing  that  anyone  thought  a  lot 
about.  It  was  just  something 
that  sprouted,  and  it  was  dif¬ 
ferent  [in  this  facility]  than  it 
was [at company headquarters].
You can communicate
what  you  want  it  to  be,  but  it’s 
the  building  it  up  and  rein¬ 
forcing  it  that  takes  time.  Peo¬ 
ple  watch  what  you  do,  not 
what  you  say.  ©  57466 
Feds Get Four Bids for
$20B  Telecom  Contract 


Networx  pact  will 
include  voice,  data 
and  video  services 

BY  LINDA  ROSENCRANCE 

Four  major  telecommunica¬ 
tions  companies  have  submit¬ 
ted  initial  bids  for  the  U.S. 
government’s  10-year  telecom¬ 
munications  services  contract, 
known  as  Networx  and  poten¬ 
tially  worth  up  to  $20  billion. 

The  Networx  program  is  de¬ 
signed  to  provide  legacy  and 
leading-edge  voice,  data  and 
video  services  to  all  U.S.  gov¬ 
ernment  agencies. 

The  contract  has  two  parts: 
Networx  Universal,  which 


covers  37  domestic  and  inter¬ 
national  telecommunications 
services;  and  Networx  Enter¬ 
prise,  which  is  geared  toward 
smaller  carriers  and  designed 
to  provide  a  core  set  of  IP  and 
wireless  services  in  particular 
geographic  regions. 

The  four  lead  bidders  — 
MCI  Inc.,  Sprint  Nextel  Corp., 
AT&T  Corp.  and  Qwest  Com¬ 
munications  International  Inc. 
—  submitted  proposals  for  the 
universal  pact  to  the  U.S.  Gen¬ 
eral  Services  Administration 
earlier  this  month.  Each  is  also 
expected  to  offer  proposals  for 
the  Networx  enterprise  work. 
Those  bids  are  due  today. 

The  GSA  is  expected  to  take 


up  to  a  year  to  review  the  bids, 
and  it  could  choose  more  than 
one  winner,  said  Blake  Wil¬ 
liams,  an  agency  spokesman. 

“We  have  not  determined 
the  precise  number  of  awards 
for  Networx,”  he  said.  “How¬ 
ever,  we  anticipate  two  to 
three  for  the  universal  acquisi¬ 
tion  and  around  five  for  the 
enterprise  acquisition.” 

Although  the  Networx  pro¬ 
gram  is  valued  at  as  much  as 
$20  billion,  the  government 
has  so  far  committed  to  spend 
only  $525  million  on  the  uni¬ 
versal  contract  and  $50  million 
on  the  enterprise  contract. 

And  because  agencies  aren’t 
required  to  use  only  Networx 
providers,  losing  bidders 
could  still  solicit  business 
from  individual  agencies. 

The  Networx  program  will 
replace  a  series  of  contracts 
known  as  FTS2001,  which  will 


expire  in  2007.  MCI  and  Sprint 
hold  the  main  FTS2001  pacts. 

Warren  Suss,  president  of 
Suss  Consulting  Inc.  in  Jenkin- 
town,  Pa.,  said  the  GSA  must 
make  sure  the  winning  bidders 
can  deliver  a  broad  range  of 
services.  “In  the  government 
arena,  unlike  in  the  commer¬ 
cial  arena,  a  response  that  says 
‘trust  me’  won’t  fly,”  he  said. 

Possible  Front-runners 

Suss  and  Sean  Buckley,  an  ana¬ 
lyst  at  Washington-based  Cur¬ 
rent  Analysis  Inc.,  both  gave 
MCI  and  Sprint  an  edge  in  the 
bidding  as  incumbent  suppli¬ 
ers,  but  agreed  that  there  are 
no  guarantees. 

“MCI  is  the  incumbent,” 

Suss  said.  “That’s  their  strength 
going  into  this.  They  offer 
agencies  the  lowest  perceived 
risk  in  terms  of  transition 
issues.” 


Buckley  added  that  MCI  has 
“served  the  government  since 
the  mid  1980s,  so  obviously 
they  have  that  network  reach 
across  the  world.  But  that 
doesn’t  always  mean  it’s  going 
to  be  a  winner,  either.” 

Sprint  not  only  holds  part 
of  the  FTS2001  contract,  but 
also  part  of  its  predecessor, 
FTS2000,  Buckley  noted. 
“Sprint  also  has  a  strong  wire¬ 
less  play  that  MCI  doesn’t 
have,  and  Sprint  just  bought 
Nextel,”  he  said. 

Suss  and  Buckley  also  gave 
AT&T  and  Qwest  a  chance  to 
win  the  Networx  contract  but 
said  that  each  has  more  hur¬ 
dles  to  overcome  than  MCI 
and  Sprint  do. 

Both  analysts  added  that 
they  wouldn’t  be  surprised 
if  the  GSA  does  decide  to 
choose  more  than  one  win¬ 
ning  bidder.  ©  57494 
Vendors Unveil New
Supply  Chain  Software 


Oracle, i2, Lawson
and  SAP  plan  to 
update  tool  sets 

BY  MARC  L.  SONGINI 

Oracle Corp., Lawson
Software Inc.
and  i2  Technologies 
Inc.  all  have  either 
shipped  an  updated  supply 
chain  management  (SCM) 
system  or  plan  to  ship  one 
over  the  next  month. 

And  SAP  AG  disclosed  last 
week  that  a  new  version  of  its 
SCM  offering  will  ship  by  the 
end  of  this  year. 

Dallas-based  i2  last  week 
brought  out  the  third  piece  of 
its  Collaborative  Supply  Exe¬ 
cution  (CSE)  applications  — 
the  Collaborative  Materials 
Management  module  —  that 
will  ship  with  the  next  version 
of  i2’s  SCM  system,  dubbed 
Six.Two,  in  November. 

The  other  CSE  modules  — 
Consolidated  Procurement 
and  Supply  Collaboration/ 


Lean  Replenishment  —  have 
been  introduced  over  the  past 
month.  The  Collaborative  Ma¬ 
terials  Management  module 
synchronizes  materials  plan¬ 
ning  with  purchasing  and  pro¬ 
curement  workflows,  said 
Sharmistha  Dubey,  director  of 
solutions  marketing  at  i2. 

Together,  the  new  i2  CSE 
applications  are  intended  to 
better  support  the  company’s 
so-called  closed-loop  system, 
which  allows  a  company  to 
forecast,  execute  and  measure 
supply  chain  processes. 

The  upgraded  software 
offers  tight  synchronization 
among  the  procurement,  re¬ 
plenishment,  supply  planning 
and  collaboration  and  execu¬ 
tion  processes,  said  Dubey. 

The  i2  modules  will  run  on 
top  of  the  company’s  Agile 
Business  Process  platform, 
which  will  ship  in  various 
parts  through  the  rest  of  the 
year.  The  platform  is  based  on 
a  Web  services  integration 
architecture,  which  will  let 


users  easily  replace  i2’s  vari¬ 
ous  modules  when  updates 
come  out. 

One  user  had  mixed  feelings 
about  the  rollout.  Kevin  Bott, 
vice  president  of  supply  chain 
solutions  and  technology  ser¬ 
vices  at  Miami-based  Ryder 
System  Inc.,  said  the  new 
modules  appear  to  be  simply 
a  repackaging  of  older  i2 
applications. 

Better  Communication 

Bott  did  say  that  the  new 
integration  platform  could 
help  some  users  improve  com¬ 
munication  among  the  various 
modules,  but  he  also  noted 
that  corporate  users  can  get 
the  same  benefits  from  inte¬ 
grated  ERP  software. 

Oracle’s  PeopleSoft  Enter¬ 
prise  Supply  Chain  Manage¬ 
ment  and  Supplier  Relation¬ 
ship  Management  8.9  modules 
are  said  to  contain  100  en¬ 
hancements.  The  new  mod¬ 
ules  began  shipping  in  August. 

The contract management module is a key piece of the
release, said John Webb, vice president of supply chain
application product strategy at Oracle. The tool allows
companies to fully craft and then enforce supplier
contracts more efficiently, he said.


Oracle Updates PeopleSoft Financials


ORACLE announced that it started shipping Version 8.9 of
the PeopleSoft Enterprise Financial Management suite.

Oracle officials said the move confirms its promise not to
force users of the acquired PeopleSoft application to
migrate to Oracle E-Business Suite 11i.

Analysts, however, weren’t so sure. While the upgrade will
help some PeopleSoft customers better handle statutory
compliance, the product line remains essentially in a
“dead end” mode, said Joshua Greenbaum, an analyst at
Enterprise Applications Consulting in Berkeley, Calif.

Greenbaum said he expects that Oracle will continue to
release such regulatory enhancements, but he doesn’t
anticipate a new PeopleSoft product based on an updated
code base.

Version 8.8 of PeopleSoft Enterprise shipped 20 months
ago, when PeopleSoft was still an independent vendor. At
that time, work had already begun on Version 8.9, which
shipped on Oct. 5, said Rich Rodgers, vice president of
financial applications strategy at Oracle.

“This release of SCM and Financial Management is
unchanged in scope,” he said. Oracle hopes that the new
version will one day help PeopleSoft users migrate to
Project Fusion, the best-of-breed application suite that
Oracle is developing [QuickLink 52089], Rodgers said.

The new version of the financial application offers
greater support for compliance with global accounting
standards and best practices, according to Rodgers. For
instance, Oracle has automated cash-flow statement
processes to help companies comply with both international
and U.S. regulations.

There is also the new Financial Gateway tool, which
centralizes and streamlines payment and receipt processes,
Rodgers said.

The new version also offers the Enterprise Asset Lifecycle
Management tool, which is intended to help companies
cost-effectively acquire, maintain and replace physical
assets.

The new functions are enabled by some of the assets
obtained from the J.D. Edwards portfolio of applications
that came with Oracle's acquisition of PeopleSoft, said
Rodgers.

- Marc L. Songini


Meanwhile,  Lawson  next 
month  plans  to  extend  its  Mo¬ 
bile  Supply  Chain  Manage¬ 
ment  health  care  tool  to  other 
industries.  The  Lawson  Re¬ 
ceiving  and  Delivery  tool  lets 


users  track  packages  automati¬ 
cally,  said  a  spokesman. 

An  SAP  spokesman  offered 
few  details  of  the  SAP  SCM  5.0 
upgrade,  but  he  said  it  will  in¬ 
clude  a  cross-docking  module 
for  its  warehouse  management 
application  to  boost  the  speed 
of  inventory  flow. 

The  updated  version  will 
also  add  an  analytics  tool  to 
optimize  the  planning  and  ex¬ 
ecution  of  service  parts  inven¬ 
tory  shipments.  ©  57484 


NEW  PRODUCT 


F5  Builds  Firewall  Into  App 
Management  Devices 


Big-IP  Application 
Security  Module 

F5  Networks  Inc. 

■  PRODUCT  SUMMARY:  Seattle-based
F5  Networks  last  week
announced  a  software  module  that 
adds  security  features  to  its  Big-IP 
line  of  appliances  for  managing  ap¬ 
plication  traffic  and  performance. 
The  Application  Security  Module 
(ASM)  provides  users  with  an 
application-layer  firewall  that’s 
designed  to  protect  Web-based 
systems  against  buffer  overflow 
attacks,  compromises  of  access- 
control  mechanisms,  worms  and 
other  problems.  In  addition,  cloak¬ 
ing  features  are  included  to  conceal 
error  messages  from  end  users. 

Erik  Giesa,  vice  president  of  prod¬ 
uct  management  at  F5,  said  the  se¬ 
curity  module  will  be  available  on 
the  6400  and  6800  models  of  the 
rack-mountable  Big-IP  line. 

■  USER  EXPERIENCE:  Blue 
Cross  and  Blue  Shield  of  Kansas 
City  in  Missouri  will  install  two  Big- 
IP  6400s  “any  day  now”  in  an  at¬ 
tempt  to  increase  the  security  of  its 
Web  applications  and  help  improve 
their  performance,  said  Larry 
Strickland,  manager  of  network  en¬ 
gineering  at  Blue  Cross.  Strickland 
hopes  that  putting  the  application 
firewall  inside  the  Big-IP  appli¬ 
ances  will  help  him  avoid  having  to 
run  and  manage  it  separately. 
“We've  got  a  really  complicated 
DMZ,”  he  said,  pointing  to  the  need 
for  increased  simplicity  within  the 
health  insurer’s  network  security 
setup.  Blue  Cross  has  used  two
previous  Big-IP  models  and  has
seen  “consistent  application  performance
increases”  from  the  appliances,
Strickland  said.

[Photo:  F5  Networks’  new  Big-IP  appliance]

■  ANALYST  ASSESSMENT: 

Joe  Skorupa,  an  analyst  at  Gartner 
Inc.  in  Stamford,  Conn.,  said  the 
Big-IP  ASM  is  unique  so  far  in  of¬ 
fering  an  integrated  application 
firewall  capability.  But  he  added 
that  other  vendors,  including  Citrix 
Systems  Inc.,  Radware  Ltd.  and 
Teros  Inc.,  likely  will  soon  follow 
suit  with  similar  offerings.  Skorupa 
said  the  F5  software  brings  a  fire¬ 
wall  inside  the  network  core,  in¬ 
stead  of  just  monitoring  traffic  at 
network  gateways.  “This  way,  even 
those  users  who  are  inside  [a  net¬ 
work]  and  trusted  must  still  pass 
through  a  firewall,”  he  said. 

■  OTHER  VENDORS  IN  THE 
MARKET:  Cisco  Systems  Inc.  The 
total  market  for  application  man¬ 
agement  appliances  will  be  about 
$1.5  billion  this  year,  Skorupa  said.
“It’s  a  very  active  market,  and
[these  appliances]  are  becoming  a 
core  component  of  the  data  center 
architecture  between  applications 
and  users,”  he  added. 

■  PRICE:  The  Big-IP  devices  start 
at  $34,995;  the  ASM  software
costs  $12,500. 

■  AVAILABILITY:  Now 

-  Matt  Hamblen 
DON  TENNANT


Just  Wondering 


I  WONDER  IF  you  noticed  a  fairly  short  news 
piece  that  appeared  on  page  10  of  last  week’s 
issue.  We  ran  it  as  a  sidebar  to  Carol  Sliwa’s 
story  about  Sun  Microsystems  improving  the 
compatibility  of  its  StarOffice  suite  with  Mi¬ 
crosoft  Office.  The  sidebar,  headlined  “Google,  Sun 


Leave  IT  Out  of  Picture,” 
constituted  our  full  print 
coverage  of  the  collabora¬ 
tion  the  two  vendors  an¬ 
nounced  at  a  gala  news 
conference  on  Oct.  4. 

We  had  to  cover  the 
Sun/Google  story.  Any¬ 
thing  involving  Google 
tends  to  generate  a  lot 
of  buzz,  and  chances  are 
you  heard  that  there  was 
something  going  on  be¬ 
tween  the  two  companies. 

You  needed  to  know  if  you  need 
to  care. 

As  we  were  able  to  convey  in 
those  12  inches  of  copy,  you  don’t. 
Tom  Austin,  a  Gartner  analyst  quot¬ 
ed  in  the  story,  put  it  very  succinctly. 
“The  corporate  IT  angle  is  what  they 
didn’t  announce,”  he  said.  “The 
deeper  I  dug,  the  less  there  was.” 

And  as  Lee  Gomes  of  The  Wall  Street 
Journal  noted  in  a  great  column  last 
week,  the  announcement  was  “a 
model  for  how  well-known  compa¬ 
nies  can  make  a  major  media  event 
out  of  a  nothingburger.” 

Yet  it  was  entirely  too  predictable 
that  some  in  the  technology  media 
would  be  making  nothingburger 
hash  last  week.  They  served  up  what 
Sun  and  Google  ordered:  a  mouth¬ 
piece  to  help  prolong  the  buzz.  I 
can’t  say  that  I  blame  the  vendors. 
Hey,  if  it  was  my  job  to  make  more 
money  for  my  shareholders,  I’d  want 
there  to  be  a  lot  of  buzz,  too. 

But  as  a  journalist,  it  bothers  me  to 
see  the  technology  media  being  used 
this  way.  It  bothers  me  to  see  publi¬ 
cations  so  willingly  give  expansive, 
front-and-center  coverage  to  a  story 
like  this,  complete  with  the  requisite 
ridiculous  photo  of  Sun’s
Scott  McNealy  and 
Google’s  Eric  Schmidt 
goofily  grinning  at  each 
other. 

The  consistent  success 
IT  vendors  enjoy  in  dri¬ 
ving  news  coverage  in 
the  technology  press  is 
just  maddening.  Unques¬ 
tionably,  a  large  part  of 
our  job  is  to  cover  key 
developments  that  take 
place  on  the  all-too- 
garish  IT  vendor  stage.  You  need  to 
know  what  your  vendors  are  up  to 
in  order  to  do  a  large  part  of  your 
job.  At  Computerworld,  we  recognize 
that  you  rely  on  us  to  sift  through 
the  vendor  hype  to  find  those  news 
nuggets  you  need  to  know  about. 

That’s  why  we  approach  vendor¬ 
generated  developments  with  our 
own  agenda:  We’re  out  to  determine 


what,  if  anything,  the  “news”  means 
to  you,  and  to  take  advantage  of  any 
vendor  access  we  get  to  address  is¬ 
sues  that  are  likely  far  more  impor¬ 
tant  to  your  business  than  whatever’s 
being  announced  under  the  spot¬ 
lights.  The  fact  that  high-profile  ven¬ 
dors  stage  an  announcement  specta¬ 
cle  with  all  the  showmanship  and 
choreography  we’ve  come  to  expect 
simply  isn’t  a  good  enough  news 
hook  for  us.  And  we’re  very  much 
aware  that  it  isn’t  for  you,  either. 
That’s  why  you  read  us. 

I  wish  it  didn’t  bother  me  that  oth¬ 
ers  in  the  technology  media  fall  for 
this  stuff,  but  it  does.  I  can  just  pic¬ 
ture  the  PR  teams  at  Sun  and  Google 
reading  some  of  the  coverage  they 
got  last  week,  and  high-fiving  each 
other  at  their  success.  Sometimes  I 
wonder  what  they’re  really  thinking. 

I  wonder  if  they  have  to  chuckle  at 
the  way  the  crumbs  they  toss  out  are 
so  eagerly  licked  up. 

But  more  than  anything,  I  wonder 
why  some  in  the  tech  media  allow 
themselves  to  be  used.  And  I  wonder 
why  on  earth  they  don’t  care.  O  57497 


MICHAEL  H.  HUGOS 

The  Rhythm 
of  the 
Quarters 

JUST  AS  FARMERS  and 
people  who  make  their 
living  from  the  land  have 
a  rhythm  to  their  lives  that 
is  set  by  the  four  seasons, 
so  too  do  corporate  CIOs 

(whether  they  know  it  or  not).  Instead 
of  the  four  seasons,  we  in  business 
have  the  four  quarters.  Each  quarter 
has  its  demands  and  opportunities. 

Like  good  farmers  who  prosper  by  re¬ 
sponding  appropriately  to  each  season, 
CIOs  make  the  best  use  of  the  oppor¬ 
tunities  presented  by  each  quarter  if 
they  are  to  prosper. 

The  rhythm  of  the  quarters  isn’t 
quite  as  well  defined  as  the  rhythm  of 
the  seasons,  but 
here’s  my  take  on  it 
based  on  my  years  as 
a  reasonably  suc¬ 
cessful  (knock  on 
wood)  CIO. 

In  the  first  quarter, 
we  need  to  get  out  of 
the  gate  quickly  and 
get  started  on  the 
major  development 
projects  for  the  year. 

In  the  second 
quarter,  we  have  to 
achieve  the  first 
round  of  project 
milestones  and  make 
any  needed  mid¬ 
course  corrections. 

In  the  third  quar¬ 
ter,  new  systems  and 
enhancements  need 
to  be  built  and  put 
into  production. 

In  the  fourth  quarter,  the  successful 
CIO  reaps  the  benefits  of  a  good  har¬ 
vest  and  begins  planning  projects  for 
the  coming  year. 

“Well  heck,  Mike,”  you  say,  “that 
makes  it  seem  downright  obvious  and 
easy.”  Or  you  may  be  saying  things  like, 
“What  is  this  guy  talking  about?  Maybe 
he  ought  to  be  a  farmer  instead  of  a 
CIO.”  Hear  me  out,  though. 

In  the  first  quarter,  the  CIO  has  30 
days  to  finalize  agreements  with  busi¬ 
ness  executives  on  what  IT  projects 
are  to  be  done.  That  means  understanding
the  business  strategy  and  the
IT  alignment  needed  to  support  the 
strategy. 

In  the  last  60  days  of  the  first  quar¬ 
ter,  the  CIO  needs  to  see  to  it  that  proj¬ 
ect  teams  of  qualified  people  are  as¬ 
signed  to  each  agreed-upon  project 
and  that  they  get  off  to  a  fast  start. 

Each  team  has  to  understand  the  busi¬ 
ness  goal  of  its  project  and  define  the 
performance  requirements  for  the  sys¬ 
tem  it  will  build.  The  team  comes  up 
with  a  conceptual  system  design  show¬ 
ing  high-level  business  processes  and 
the  technology  they’ll  use  to  support 
those  processes.  They  also  do  a  return- 
on-investment  analysis  and  adjust  their 
conceptual  design  if  required  so  the 
cost  of  the  system  doesn’t  exceed  the 
value  of  the  benefits  it  will  deliver.  Al¬ 


though  the  CIO  doesn’t  actually  do  this 
work  —  the  team  does  —  the  CIO  still 
makes  sure  it  all  gets  done  in  a  timely 
fashion. 

In  the  second  quarter,  the  teams 
flesh  out  their  conceptual  designs  and 
prototype  the  system  user  interface 
and  technical  architecture.  The  proto¬ 
types  must  verify  that  the  system  will 
work  as  expected,  or  the  system  has  to 
be  rethought  and  prototyped  again. 
Then  the  team  produces  a  set  of  de¬ 
tailed  design  specifications  to  build 
the  system.  Those  design  specs  are  the 
workflow  process  maps,  the  system 
data  model,  the  user  interface  and  the 
technical  system  architecture.  The 
CIO  should  watch  this  process  like  a 
hawk.  The  CIO  guides,  assists  and  ca¬ 
joles  the  teams  as  necessary  to  keep 


them  on  track  and  on  time. 

By  way  of  analogy,  when  farmers 
here  in  the  Midwest  talk  about  their 
corn  crops,  they  say,  “It  needs  to  be 
knee-high  by  the  Fourth  of  July.”  If  it 
isn’t,  there’s  not  much  hope  of  a  good 
harvest  in  the  fall.  If  project  teams 
haven’t  finished  their  detailed  system 
design  specs  by  the  end  of  the  second 
quarter,  there  isn’t  much  hope  that 
they  can  deliver  anything  by  the  end  of 
the  third  quarter  or  even  the  fourth 
quarter. 

In  the  third  quarter,  the  project 
teams  focus  on  building  their  systems. 
By  the  end  of  the  third  quarter,  the 
first  versions  of  the  new  systems  and 
business  processes  should  be  rolling 
out  to  users.  If  this  isn’t  happening  by 
the  end  of  the  third  quarter,  there 


won’t  be  any  rewards  for  the  CIO  to 
reap  in  the  fourth  quarter. 

In  the  fourth  quarter,  the  CIO  as¬ 
sesses  the  impact  of  the  new  systems 
and  begins  discussions  with  the  busi¬ 
ness  executives  about  what  will  be 
needed  next  year.  Year  after  year,  I 
have  seen  this  as  a  very  successful  pat¬ 
tern  to  follow.  This  is  the  way  I  run  my 
farm  —  I  mean  my  IT  operation.  I’ve 
also  noticed  that  I  have  to  produce  a 
good  harvest  each  year  in  order  for 
the  business  to  feel  good  about  giving 
me  a  decent  budget  for  the  next  year. 
©  57405 
Skills  Should  Decide
Who  Gets  IT  Jobs 

I  TEND  TO  AGREE  with  most  of  Stefan
Steurs’  analysis  of  the  economics  of
outsourcing  [“Offshoring:  A  View  From
Europe,”  QuickLink  55190].  However,
when  he  says,  “True,  Americans  and 
Europeans  sometimes  lose  jobs  to 
these  people,  but  aren't  we  overrepre¬ 
sented  in  terms  of  the  proportion  of  the 
world’s  IT  workers  to  our  relative  popu¬ 
lations?  Can  it  be  called  fair  that  we 
deny  people  of  the  largest  countries  in 
the  world  a  fair  share  of  the  market?” 

I’m  concerned  about  terms  such  as 
overrepresented  and  fair  in  this  context.
Is  it  fair  that  I've  been  denied  the
right  to  play  in  the  NFL?  Or  is  it  just  be¬ 
cause  my  skills  in  that  area  are  simply 
woefully  inadequate?  No  one  has  been 
“denied  a  fair  share”  of  the  market. 

And  I  believe  recent  history  illus¬ 
trates  that  -  as  soon  as  some  of  these 
other  countries  were  able  to  offer  com¬ 
petitive  labor,  it  was  employed  quite 
quickly,  bringing  us  to  the  current  dis¬ 
cussion. 

Christopher  Meisenzahl 

Senior  automation  engineer, 
Lima,  N.Y. 


Objectivity  Regarding 
Mac  Is  Appreciated 

I  USE  A  MAC  AT  HOME  and  Windows 
at  work,  and  I’ve  seen  more  than 
enough  “This  is  why  Mac  will  never 
work  in  the  enterprise”  articles  to  last  a 
lifetime.  I  found  Douglas  Schweitzer’s 
column  fair  and  balanced,  which  is  re¬ 
freshing  [“A  Convert  With  a  Crush  on 


His  Mac,"  QuickLink  55803]. 

I  prefer  to  use  the  Mac  because  I  find 
it  more  stable  and  user-friendly,  but  I 
also  recognize  that  you  want  the  right 
tool  for  the  job.  I'm  sure  you’ll  get  some 
extremist  e-mail  responses  (i.e.,  “Macs 
stink"  or  “Macs  rule"),  but  it  was  great 
to  read  a  real-world  experience  that 
wasn’t  biased. 

Bill  King 

Senior  network  engineer, 

Mt.  Laurel,  N.J. 


Many  Managers 
Obstruct  Productivity 

I  MUST  TAKE  EXCEPTION  to  Paul
Glen’s  statement  about  managers: 
"On  the  path  of  managerial  value,  you 
add  more  value  by  making  others  more 
productive”  [“Managers’  Forum,” 
QuickLink  54660].

I  have  been  in  IT  for  over  20  years, 
and  I  have  seen  few  managers  who 
help  with  productivity  and  many  who 
are  obstacles. 

Glen  J.  Gasior 
Greenville,  S.C. 


Boomer  Mainframers 
Still  Offer  Expertise 

There  are  a  large  number  of  us 

former  mainframe  professionals 
who  endured  the  layoffs  of  the  '90s  and 
are  still  interested  in  working  in  that  en¬ 
vironment  [“Shortage  of  Mainframe 
Skills  May  Give  IT  Execs  Gray  Hairs,” 
QuickLink  55867].

The  perception  seems  to  be  that 
young  college  graduates  are  the  only 


source  of  these  skills.  Not  so.  Yet  baby
boomers  aren't  even  being  granted  in¬ 
terviews.  Perhaps  there’s  an  assump¬ 
tion  that  our  pay  requirements  will  be 
higher  (not  necessarily  true)  or  that  any 
training  costs  won't  be  recouped  during 
our  remaining  work  lives  (also  not  true). 

After  spending  16  years  with  IBM 
and  another  six  with  a  local  mainframe- 
based  company  here  in  Minnesota,  I 
would  welcome  the  opportunity  to  re¬ 
new  my  finely  tuned  mainframe  net¬ 
work  skills  and  expand  them  into  main¬ 
frame  programming  for  the  next  15  to 
20  years,  but  I  must  await  a  change  in 
hiring  practices  to  loyally  devote  the 
rest  of  my  working  years  to  the  vocation 
I  have  always  loved. 

Richard  Giltner 

Training  specialist,  Minneapolis 


Leave  Organizing 
Files  to  Computers 

I  ENJOYED  THE  ARTICLE  “Death  of 
the  File  System:  It’s  About  Time,”  by 
Geoff  Barrall  [QuickLink  55830],  very 
much,  but  I  think  the  “new”  way  of  stor¬ 
ing  and  accessing  files  can  be  taken 
even  further. 

For  instance,  why  would  a  user  ever 
need  to  specify  the  location  of  any  file? 
If  he  can  immediately  gain  access  to  it, 
who  cares  where  it's  kept?  This  would 
allow  the  operating  system  to  intelli¬ 
gently  organize  and  archive  data,  hope¬ 
fully  providing  a  much  less  fragmented 
system  of  storage  and  also  a  more  opti¬ 
mized  disk-access  subsystem. 

Also,  if  the  contents  of  files  can  be 
searched,  why  make  a  user  name  a  file? 
Shouldn’t  I  just  be  able  to  type  (or  even 


better,  speak)  “Last  year’s  tax  returns” 
and  have  the  operating  system  find  and 
open  the  relevant  files? 

Let  the  computer  do  what  comput¬ 
ers  do  best:  organize  things. 

Sean  Finn 

Software  developer,  Chicago, 
bergendog@gmail.com 


Health  Records  Need 
Standards  for  Data 

GREAT  ARTICLE  [“Reinventing 
EHR,"  QuickLink  55837],  but  the 
real  key  will  be  to  get  everyone  singing 
from  the  same  hymnal.  Other  than  the 
VA,  who  is  marketing  software  that  can 
produce  data  files  that  can  go  from  one 
facility  to  another  using  a  different 
package?  Other  than  MDS,  what  data 
standards  are  there? 

Patrick  O’Shea 
IT  administrator, 

Air  Force  Retired  Officers 
Community,  Falcons  Landing, 
Potomac  Falls,  Va., 
poshea@falconslanding.org 


Why  IM  Shouldn’t  Be 
Treated  As  a  Problem 

WHY  CAN’T  THESE  COMPANIES 

just  be  truthful  and  say  that  they 
don't  want  their  users  to  have  a  useful 
tool  that  IT  doesn’t  control  ["Sarbanes- 
Oxley  Trumps  IM  at  Some  Firms," 
QuickLink  56025]? 

There  are  more  than  enough  con¬ 
trols  and  safeguards  available  to  pre¬ 
vent  virus  infections.  If  you’re  going  to 
get  one  from  IM,  then  you  are  going  to
get  one  from  your  e-mail.  Why?  Because
you  have  not  taken  the  steps
necessary  in  a  world  of  hackers. 

My  employer  runs  Symantec  Corpo¬ 
rate  10,  and  we’ve  never  had  a  problem 
from  IM  or  e-mail. 

Ed  Evans 

Microcomputer  specialist,  Texas 
A&M  University,  College  Station, 
evansed@tamu.edu 


Longhorn  Jokes  Lost 
With  Windows  Vista 

WITH  LONGHORN  now  dubbed 
“Windows  Vista”  by  Microsoft, 
I’ve  lost  some  good  jokes:  A  gutted 
subset  for  bottom-of-the-line  comput¬ 
ers  could  have  been  dubbed  “Short¬ 
horn.”  And  a  special  version  designed 
for  PDAs,  a  la  Windows  CE,  could  have 
been  given  the  name  “Shoehorn.” 
Louis  A.  Carliner 
Masaryktown,  Fla., 
lcarliner@earthlink.net 
Instant  Messaging
Is  a  Moving  Target 

ONE  POTENTIAL  REASON  why 

there  hasn’t  been  pushback  on 
restoring  instant  messaging  systems 
on  the  desktop  at  the  companies  men¬ 
tioned  in  the  story  “Sarbanes-Oxley 
Trumps  IM  at  Some  Firms"  [QuickLink 
56025]  is  that  the  technology  has 
moved  on.  IM  is  available  on  most  cell 
phones  nowadays,  either  directly  as 
IM  or  indirectly  via  SMS.  I’m  going  to 
guess  that  many  IM  users  do  their 
workday  messaging  through  their  cell 
phones  rather  than  through  a  laptop. 
Winston  Lawrence 
Architect,  enterprise  applications, 
New  York 

Diana  McKenzie,  chairwoman  of
the  IT  group  at  a  Chicago-based 
law  firm,  is  quoted  as  saying,  “You  can’t 
control  a  phone  call,  so  I  don’t  see  what 
the  difference  is  between  IM  and  a 
phone  call."  Though  I  agree  that  it's 
hard  to  control  the  content  of  either, 
the  practices  and  requirements  regard¬ 
ing  the  recording  and  archival  of  phone 
vs.  other  electronic  communications 
are  well  established.  How  many  wire¬ 
tapping  cases  have  been  heard  estab¬ 
lishing  precedence  on  recording  phone 
conversations?  Far  more  than  that  of 
e-mail  or  IM  recording. 

The  implications  of  the  legal  requirements
of  Sarb-Ox  (and  even  HIPAA,
Gramm-Leach-Bliley  and  others)  have 
not  yet  been  fully  established  in  the 
courts.  That  alone  makes  sufficient  dis¬ 
tinction  when  it  comes  to  corporate  de¬ 
cisions  regarding  risk  and  unknown 
factors.  IM  is  one  such  risk  that  one 
may  well  choose  to  discontinue  until 
the  legal  environment  solidifies. 

Alan  Mercer 
Director  of  technology 
integration,  Baltimore 


Responsible  Firms 
Protect  Their  E-mail 

THE  TENOR  OF  THE  ARTICLE 

“E-mail  Exposure:  Is  Your  Company 
Liable?"  [QuickLink  55572]  is  just  one 
more  indication  of  the  lows  to  which  we 
have  sunk  as  a  society  when  it  comes 
to  blaming  others  for  our  own  mis¬ 
steps.  Corporations  should  exercise 
responsibility  in  this  area.  If  they  use 
electronic  communications  of  any  type 
but  don’t  properly  safeguard  them¬ 


selves  from  the  potential  dangers  (by 
using  firewalls,  virus  protection  soft¬ 
ware,  etc.),  they  are  more  responsible 
than  anyone  else  should  a  virus  or 
worm  be  transmitted  to  them  or  their 
corporate  databases. 

How  much  is  the  integrity  of  your 
corporate  data  worth?  I’m  proud  to  say 
that  I  work  for  a  company  that  takes 
great  pains  to  protect  itself  from  such 
problems  and  has  been  exceedingly 
successful  at  doing  so. 

Jim  Lawrence 

QA  analyst,  Mechanicsburg,  Pa. 


Execs  Aren’t  Always 
To  Blame  for  Failures 

Lack  of  executive  support  is 

often  blamed  as  a  cause  of  project 
failure  when  in  fact  it’s  an  effect  of  a 
project  that  is  already  failing  [“The  Elu¬ 
sive  Executive  Sponsor,”  QuickLink 
55508].

Robin  F.  Goldsmith 

President,  Go  Pro  Management 
Inc.,  Needham,  Mass., 
robin@gopromanagement.com 


How  to  Secure  Linux, 
Unix  Database  Files 

I  ENJOYED  C.J.  Kelly’s  article  “Getting
Started  on  Database  Security” 
[QuickLink  55461]  very  much.  One 
thought  I  might  add  to  hers  on  file 
privileges  on  Unix  and  Linux  follows. 

When  I  was  doing  this  sort  of  thing 
years  ago  (before  there  were  any  “security
manager”  jobs),  I  secured  databases
and  access  by  using  the  “user”
and  “group”  access  bits,  so  that  all
database  files  -  data  and  executables  - 
were  owned  by  an  application-specific 
ID  and/or  the  database  application 
group  and  were  otherwise  unshared. 
The  SQL-running  utilities  (such  as  iSQL 
for  Sybase)  were  strictly  owned  by  the 
database  application  ID  and  strictly  un¬ 
shared,  with  the  user  and  group  bits  on. 
When  the  SQL  utility  was  needed  in  an 
application,  it  was  launched  from  with¬ 
in  that  application. 

That,  combined  these  days  with  a 
robust,  external  user  authentication 
system,  would  seem  to  secure  the  data 
rather  well.  These  days,  total  database 
encryption  is  an  option,  although  in  the 
old  days  there  was  too  big  a  perfor¬ 
mance  price  for  it. 

Dick  Lincoln 
Skillman,  N.J. 
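
The ownership and permission scheme described in the letter above can be checked mechanically. The shell functions below are an added example, not part of the letter or of the magazine's text; the function names, reason labels and the constructed demo tree are assumptions for illustration. The audit covers ownership, the "otherwise unshared" rule, and set-ID utilities that other users could execute.

```shell
#!/bin/sh
# Added example: audit a database directory tree against the scheme in the
# letter above. Function names, reason labels and the demo tree are
# assumptions for illustration, not taken from any product.

# audit_db_tree DIR OWNER GROUP
#   OWNER/GROUP: the application-specific ID and group (name or numeric id).
#   Prints one "<reason> <path>" line per finding, sorted.
#   Returns 0 when the tree is clean, 1 when there is at least one finding.
audit_db_tree() {
    adt_dir=$1 adt_owner=$2 adt_group=$3
    adt_out=$(
        {
            # Anything not owned by the application ID.
            find "$adt_dir" ! -user "$adt_owner" -print |
                sed 's/^/wrong-owner /'
            # Anything outside the database application group.
            find "$adt_dir" ! -group "$adt_group" -print |
                sed 's/^/wrong-group /'
            # "Otherwise unshared": no read, write or execute bit for others.
            # Symlinks are skipped because their own mode bits are not used.
            find "$adt_dir" ! -type l \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/shared-with-others /'
            # A set-UID/set-GID program that others may execute runs with
            # the database ID for every local user.
            find "$adt_dir" -type f \( -perm -4000 -o -perm -2000 \) \
                -perm -001 -print |
                sed 's/^/setid-open-exec /'
        } | sort
    )
    if [ -z "$adt_out" ]; then
        return 0
    fi
    printf '%s\n' "$adt_out"
    return 1
}

# make_demo_tree: build a small constructed tree (sample data, not a real
# database) with one correct file and two deliberate mistakes, and print
# its path. The caller removes it.
make_demo_tree() {
    mdt_root=$(mktemp -d) || return 1
    mkdir "$mdt_root/data" "$mdt_root/bin"
    chmod 770 "$mdt_root" "$mdt_root/data" "$mdt_root/bin"
    : > "$mdt_root/data/accounts.dat"
    chmod 660 "$mdt_root/data/accounts.dat"   # owner and group only: correct
    : > "$mdt_root/data/export.csv"
    chmod 664 "$mdt_root/data/export.csv"     # mistake: readable by others
    : > "$mdt_root/bin/sqltool"
    chmod 4751 "$mdt_root/bin/sqltool"        # mistake: set-UID, others may run
    printf '%s\n' "$mdt_root"
}

# Stand-alone use: sh audit.sh /path/to/db appid appgroup
if [ "$#" -eq 3 ]; then
    audit_db_tree "$@"
fi
```
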


Hold  Outsourcers 
Liable  for  Data 

The  ARTICLE  CALLED  “Report: 

Black  Market  Growing  for  Offshore 
Data”  [QuickLink  56243],  which  de¬ 
tailed  the  compromising  of  Australian 
customer  data  by  outsourcers  in  India, 
is  very  disturbing.  In  order  to  save 
money,  companies  appear  to  be  willing 
to  gamble  on  third-party  outsourcers, 
be  they  in  the  same  country  or  in  a  for¬ 
eign  country.  I  suspect  the  feeling 
among  many  companies  is  that  they 
can  always  blame  someone  else  and 
escape  penalties.  This  should  not  be 
possible. 

I  would  suggest  that  lawmakers 
around  the  world  revise  their  privacy 
protection  laws  to  hold  all  parties 
equally  responsible.  For  example,  if 
Megasales  of  Chicago  contracts  with 
Cheapcalls  of  Bangalore,  India,  to 
handle  calls,  and  Cheapcalls  compro¬ 
mises  the  data  of  Megasales  cus¬ 
tomers  in  a  way  for  which  the  penalty  is 
$1  million,  then  both  Megasales  and 
Cheapcalls should be penalized $1 million. This is
akin to the law related to accessory before the fact
of a murder, in which all parties may be found guilty
of murder, regardless of who pulled the trigger or
wielded the knife.

Joe B. Davis
Fort Lawn, S.C.,
jbdavis@infoave.net


Projects Need Rules
For Regular Workers

I HAVE JUST FINISHED reading Andy Boynton’s “Throw
Out the Rules” [QuickLink 55578], and I feel like I am
back in the 1970s. I have led and been successful with
elite teams on critical projects for large companies,
and I know there are rules that are necessary for
effective development and deployment of applications.
Not the least of these is the requirement to meet
standards for documentation of completed work so that
others not so elite can run, manage, change and make
additions to the team’s work after they are long gone.

These are not arbitrary rules and standards but are
necessary if chaos is not to be created, as will happen
if the teams have not incorporated links and business
rules so that their product fits seamlessly into the
work queue.

By all means, do not omit the type of team defined in
the article. But do not infer, as I believe the author
has done, that they are the be-all and end-all for
success. Nothing could be further from the need to deal
with the complex real world of the business.

Norman H. Carter
President and CEO, Development
Systems International, Los
Angeles, dsicarte@sbcglobal.net


SCHEMA COMPLEXITY is a real problem, but it is not due
to the relational paradigm [“Time for a New View of
Data Management,” QuickLink 55953]. The simple fact is
that the domain of information managed as data has
grown larger than the average IT professional can
understand. No change in representational methods, data
communication protocols or analytical processing
engines can reduce the inherent complexity of the
universe of knowledge that today's business users want
to control.

The problems created by excessive normalization or by
incorporation of all known data into a single schema
are not fundamental properties of the relational
paradigm; they are design choices made by data
architects. There is nothing inherent in the relational
methodology to prevent creating a system of
understandable chunks of knowledge, each linked to
others by join tables in the same way that the fact
table of a star schema joins all the dimensions in a
dimensional hypercube data warehouse. There is also
nothing in current relational DBMS technology that
requires all data for all purposes to reside in a
single database, or in multiple databases managed by a
single DBMS instance or engine.

There are three properties that are guaranteed by valid
relational models that can’t be guaranteed any other
way. The first is that any correctly stated query will
resolve into some result set.

The second is that every atomic fact is stored only
once, so while the data may be incorrect, it can’t be
inconsistent.

The third is that if proper integrity constraints are
used, any data once stored can be retrieved by a
properly formulated query regardless of any other data
insertions, deletions or modifications that may have
occurred since that data was entered. No other data
storage paradigm developed before or since can provide
these assurances.

XML, OLTP, Web services and all the other modern
methods invoked by Curt A. Monash are not essentially
primary data storage methods. They are
application-based approaches to data usage. One
fundamental fact of the history of data storage is that
data itself,


Mainframer  Experts 
Deserve  Better 

After  reading  the  article  “IBM, 
Users  Work  to  Attract  Young  Main- 
framers”  [QuickLink  56383]  and  the 
related  “Shortage  of  Mainframe  Skills 
May  Give  IT  Execs  Gray  Hairs”  [Quick¬ 
Link  55867],  I  suspect  that  what  U.S. 
employers  really  want  is  to  attract  the 
younger,  low-wage,  entry-level  type  of 
employees  into  the  mainframe  world. 

In  today's  labor  market,  U.S.  em¬ 
ployers  have  gotten  used  to  exploiting 
MCSE  types  at  $10/hour  jobs  and  want 
the  same  advantage  over  mainframers. 
What  else  explains  the  number  of  vet¬ 
eran  DP’ers  and  mainframers  either 
underemployed  or  in  the  unemploy¬ 
ment  line? 

Steve  Youschak 

Contract  consultant,  Pittsburgh, 
youscs@hotmail.com 


and  its  inherent  relationships,  are  10 
times  more  stable  than  the  business 
uses  to  which  it  is  put,  the  processes 
executed  upon  it  and  the  applications 
used  to  perform  those  processes. 

There  has  to  be  a  place  to  keep  one  real, 
certain  copy  of  the  actual,  atomic  infor¬ 
mation,  regardless  of  how  it  arrived, 
where  it  will  go  and  how  it  will  be  input 
and  output. 

Issues  of  input  data  quality,  missing 
data  and  security  are  not  inherent  to 
relational  methods,  having  first  arisen 
long  before  the  relational  paradigm 
was  invented.  Problems  of  complexity, 
human  error,  trust  and  the  like  will  al  ¬ 
ways  be  with  us,  as  will  the  need  for 
protocols,  procedures,  training  and 
skills  with  which  to  mitigate  those 
problems. 

Replacing  structured  data  storage 
with  unstructured  data  storage  will  cer¬ 
tainly  not  make  them  go  away,  and  it  will 
certainly  bring  back  those  problems  that 
we  now  do  not  have  because  they  were 
solved  by  the  advent  of  relational  struc¬ 
tured  methods. 

David  P.  Vernon 

Tucson,  Ariz.,  vdpphd@qwest.net 


Relational  Data  Storage  Paradigm  Is  a  Valid  Response  to  Complexity 


IT governance can be hard to define, but
companies increasingly impose policies
and use software tools to optimize projects, processes and assets
and make sure they can audit them. By Sue Hildreth


It was the late 1990s, in the busy, boom years of
high  tech.  At  The  Burlington  Northern  and  Santa 
Fe  Railway  Co.,  IT  employees  were  scrambling 
to  tackle  a  backlog  of  IT  projects  that  had  accu¬ 
mulated  during  a  merger  that  the  railroad  had  re¬ 
cently  completed.  The  joining  of  the  Burlington 
Northern  and  Santa  Fe  railroads  into  BNSF  had  ne¬ 
cessitated  an  all-out  effort  to  merge  the  two  compa¬ 
nies’  IT  systems  —  a  huge  project  that  IT  staffers  had 
dubbed  jokingly  their  “mission  from  God.”  Now, 
however,  they  were  playing  catch-up  with  all  of  the 
other  IT  demands  of  the  two  companies  —  an  effort 
that  was  threatening,  they  say,  to  become  their  “mis¬ 
sion  from  hell.” 

“We  had  to  ignore  the  other  IT  needs  of  the  mere 
mortals  in  the  business  to  get  the  merger  done,” 
says  Jeff  McIntyre,  assistant  vice  president  of  tech¬ 
nology  services  at  Fort  Worth,  Texas-based  BNSF. 
“But  we  knew  we  would  have  a  barrage  of  demand 
afterward.” 

To  get  a  handle  on  the  projects,  McIntyre  and  his 


staff  deployed  TeamPlay  software  from  Primavera 
Software  Inc.  in  Bala  Cynwyd,  Pa.,  to  catalog  all  the 
projects  and  break  them  down  into  steps  and  re¬ 
quired  resources.  That  project  management  effort 
was  the  first  stage  in  BNSF’s  eventual  IT  governance 
program. 

Why  Governance? 

Project  management  is  one  of  several  IT  manage¬ 
ment  fields  that  have  come  together  under  the  broad 
umbrella  of  IT  governance.  Today,  governance  in¬ 
cludes  not  only  project  management  but  also  change 
management,  application  life-cycle  management,  as¬ 
set  and  resource  management,  portfolio  management 
and,  often,  security  management.  It’s  essentially  the 
comprehensive  management  of  every  component  of 
IT  operations  and  entails  cataloging,  tracking  and  or¬ 
chestrating  IT  projects,  processes  and  assets. 

The  reasons  for  implementing  IT  governance  are 
as  varied  as  the  category  is  broad.  For  some  organiza¬ 
tions,  IT  governance  is  mainly  driven  by  the  need  to 


comply  with  regulations  like  the  Sarbanes-Oxley  Act. 
It  means  creating  audit  trails  and  storing  files  in  a 
more  organized  way.  For  others,  IT  governance  is  all 
about  squeezing  extra  efficiency  out  of  the  organiza¬ 
tion  and  making  sure  that  IT  is  supporting  the  most 
critical  business  needs.  And  for  yet  others,  it  means 
enforcing  the  company’s  best  practices. 

“It’s  a  very  broad  and  fuzzy  topic,  but  basically 
there  are  four  elements  of  IT  governance,”  says  Rob 
Dietrich,  chief  technology  officer  at  MKS  Inc.  in 
Waterloo,  Ontario.  “The  first  is  aligning  IT  with  the 
strategic  goals  of  the  business.  The  second  is  effec¬ 
tive  and  efficient  use  of  resources.  The  third  is  risk 
management.  The  fourth  is  visibility  into  the  overall 
IT  operation.” 

Like  BNSF,  many  companies  took  their  first  steps 
into  IT  governance  with  project  management  initia¬ 
tives  and  software.  Over  the  past  several  years,  the 
category  has  grown  to  incorporate  a  growing  range 
of  management  and  technology  capabilities. 

At  BNSF,  one  of  the  forces  driving  the  adoption  of 
IT governance was the need to comply with
Sarbanes-Oxley,  which  mandates  openness  and 
audit  trails  in  financial  reporting.  A  private  audit 
had  recommended  changes  to  BNSF’s  development 
process,  since  many  of  the  applications  involved 
financial  activities.  To  ensure  compliance,  IT  man¬ 
agers  implemented  another  type  of  tool  that  has 
become  part  of  the  IT  governance  portfolio  —  appli¬ 
cation  management  software.  Application  manage¬ 
ment  products  provide  automated  workflows  and 
electronic  sign-offs  that  help  to  enforce  consistent 
and  auditable  development  processes.  BNSF  chose 
tools  from  MKS. 

Sarbanes-Oxley  “certainly  had  an  impact  on  the 
application  development  life  cycle  and  the  need  for  it 
to  be  crisply  documented,  with  sign-offs  and  so 
forth,”  says  McIntyre. 

Defining  IT  Governance  Applications 

Many  IT  management  applications  claim  to  enable 
IT  governance,  mainly  because  there  are  so  many  IT 
functions  that  can  benefit  from  governance. 

“It  is  an  emerging  market,  and  vendors  approach  it 
from  different  angles,”  says  Jason  Bloomberg,  an  ana¬ 
lyst  at  ZapThink  LLC,  an  IT  research  and  consulting 
firm  in  Waltham,  Mass.  An  effective,  full-fledged  IT 
governance  product  must  perform  four  functions,  he 
says.  “It  must  provide  a  way  for  management  to  com¬ 
municate  its  policies.  It  must  give  rank-and-file  em¬ 
ployees  a  way  to  implement  the  policies.  It  must  give 
management  visibility  into  whether  the  policies  are 
being  followed.  And  it  should  include  mitigation 
techniques,  so  if  there  is  a  problem,  there  is  a  way  to 
fix  it,”  he  says. 

IT  governance  applications  may  also  support  one 
of  the  major  IT  best  practices  frameworks,  such  as 
the  Control  Objectives  for  Information  and  Related 
Technology,  the  Committee  of  Sponsoring  Organiza¬ 
tions  of  the  Treadway  Commission’s  internal  control 
and  enterprise  risk  management  frameworks,  or  the 
Information  Technology  Infrastructure  Library, 
which  publishes  best  practices 
guidelines  for  things  such 
as  change  management,  prob¬ 
lem  management  and  security 
management. 

“Don’t  look  at  IT  governance 
as  just  a  technology  solution, 
but  as  a  business  framework,” 
advises  Kris  Lovejoy,  CTO 
at  Consul  Risk  Management 
Inc.,  a  provider  of  compliance 
products  and  services  in  Hern¬ 
don,  Va. 

Gaining  Control 

As  one  CIO  quipped,  the 
biggest  benefit  of  IT  gover¬ 
nance  at  his  organization  is  that 
“no  one’s  gone  to  jail  yet.” 

There’s no doubt that complying with Sarbanes-Oxley and keeping
senior executives out of trouble is a key driver behind many IT
governance projects. Nevertheless, the greatest operational payback
often comes from improving asset and resource management, says
Melinda Ballou, an analyst at IDC, an IT research firm in Framingham,
Mass.

“There is a lot of politicization around resource allocation, with
different groups vying for the same constrained resources,” she
explains. “Unfortunately, most organizations barely have an inventory
of their applications.”

Pittsburgh-based Highmark Blue Cross Blue Shield is a case in point.
With 121 applications and some 60 million lines of Cobol and Java
code, the insurance provider had a large investment in code and a
good reason to want to increase component reuse.

Last year, Highmark discovered that despite the existence of a
component-reuse strategy for internal software development,
programmers weren’t recycling code. The reason: They simply didn’t
know where to find these reusable components. “We have a component
strategy, but we weren’t getting the level of reuse we expected
because people didn’t have a place to go to find out what’s
available,” says Mike Kronenwetter, vice president of technology
management at Highmark.

To provide a central library of such components, Highmark bought
Logidex from LogicLibrary Inc. in Pittsburgh to house and manage its
software assets. “Now Logidex will be the system of record for all
our development assets,” says Kronenwetter.

Integris Health Inc., a not-for-profit health care organization in
Oklahoma City, also needed better oversight of its IT resources. In
1999, Integris’ IT staff was stretched thin from handling tasks
relating to a recent merger and was caught in a tug of war between
competing business managers from the newly merged units. IT couldn’t
easily prioritize projects because it lacked a standard process for
doing so, and IT staffers had no standard place for tracking projects
and storing their project files. When someone called in sick, a
replacement might spend hours trying to locate needed files and
documents.

So the organization decided to consolidate all of its IT data —
everything from metadata on applications and hardware to project
budgets and employee time sheets — into a single database. The idea
was to be able to analyze and report on related data more easily,
explains Cynthia Hilterbrand, formerly director of IT business
development and planning at Integris. “We wanted to get our arms
around things and track and monitor all our resources and projects,”
she says.

Integris didn’t stop with merely cataloging its data, however. Using
Compuware Corp.’s Changepoint management software, the organization
began tracking IT projects and tasks and defining processes for all
sorts of IT activities such as purchasing equipment or handling
medical records.

Automating Processes

Like asset management, process management is another area in which
IT governance can provide benefits. A corporation can define its
guidelines for every IT activity and then code that into the workflow
of the IT governance software. Each activity will then be automated
so that employees can’t easily deviate from the prescribed process.
That enables IT to better enforce standards on all employees,
regardless of rank.

“Executives wouldn’t always follow their own rules,” says
Hilterbrand. “We needed IT governance, which says, ‘OK guys, these
are the rules and we all have to play by them.’ It makes everything
visible.”

Governance software can help enforce policies by imposing automated
workflows, checklists, status alerts and sign-offs. It can also
provide an audit trail to prove whether an organization is following
its own stated processes — something that has become particularly
important for companies seeking to comply with Sarbanes-Oxley.

The process management aspect of IT governance can also deliver
benefits in the management of outsourcers. Processes inevitably
differ among organizations, and communication can be difficult when
dealing with a remote IT team.

When Tyco Fire and Security in Boca Raton, Fla., decided to install
VA Software Corp.’s SourceForge software development management
application, the manufacturer of fire protection and security
products hoped to standardize processes between its offshore contract
programmers and its in-house IT staff. Tyco had problems with
projects missing deadlines, processes not being followed and quality
goals not always being met.

“We felt it was getting nearly out of control,” says Kristine Koneck,
director of global technology services at Tyco. “We couldn’t keep
track of what our outsource partner was doing.” Also, developers
wasted a lot of time — as much as eight hours a week — searching for
work-related documents, she says.

The SourceForge tool provided them with collaborative tools, a
repository for storing all project files, and defined workflows to
enforce processes and deadlines. Since implementation, the number of
projects delivered on deadline has risen by 30%, according to Koneck.


The IT Report Card

IT governance isn’t just about enforcing policies. As Jeff McIntyre,
assistant vice president of technology services at Burlington
Northern and Santa Fe Railway, observes, governance can also help IT
prove its value to the business side of the organization.

The 1,100-member IT staff at BNSF carefully records every hour they
worked, listing the project and department for which the work was
done. That information then becomes part of a report card the staff
has dubbed “Showback” - a mock form of a “chargeback” - that’s
distributed to business managers to show them how they’re using IT
resources.

“We can drill down and see how much of the IT expenses were used by
the marketing department and which applications were used, which
people, what PCs and printers, the telecommunications expense, etc.,”
says McIntyre, who adds that the system not only shows business
managers where the IT money is going but also inspires IT workers to
make applications and IT systems perform more efficiently.

“They can see now that if this module were tuned better, it could
result in fewer hours of computing consumption,” says McIntyre.
“We’ve banked anywhere from $1 million to $2 million in savings a
year in our operating budget over the past couple of years.”

- Sue Hildreth

Toward  an  IT  Governance  Platform 

While  many  products  within  the  IT  governance 
arena  still  target  only  certain  functions,  such  as  proj¬ 
ect  management  or  security  management,  a  growing 
number  are  building  or  buying  additional  modules  to 
span  virtually  all  IT  activities,  uniting  them  under  a 
single  dashboard. 

For  instance,  Lovejoy  points  to  BMC  Software 
Inc.’s  suite  of  products,  which  together  cover  identity 
management,  asset  management,  application  man¬ 
agement,  event  management  and  change  manage¬ 
ment.  Likewise,  vendors  such  as  IBM,  Computer 
Associates  International  Inc.  and  Mercury  Interac¬ 
tive  Corp.  also  have  products  that  can  make  up 
much,  or  all,  of  an  IT  governance  suite. 

The  value  of  having  various  governance  tools  in 
one  suite  is  that  they  offer  the  ability  to  share  data 
for  analysis  and  reporting  and  to  provide  a  dash¬ 


board  view  into  whatever  combination  of  informa¬ 
tion  a  manager  wants  to  see. 

The  benefits  of  this  suite  approach  became  obvi¬ 
ous  to  Nielsen  Media  Research  Inc.  after  it  imple¬ 
mented  Mercury’s  IT  Governance  Center  software 
earlier  this  year.  New  York-based  Nielsen  started 
with  the  product  portfolio  management  component, 
then  added  resource  management.  It  plans  to  soon 
add  the  demand  management  and  program  manage¬ 
ment  components. 

Because  all  of  these  functions  are  components  in  the 
IT  Governance  Center  suite,  Nielsen  can  easily  imple¬ 
ment  them  as  needed.  Moreover,  managers  can  quickly 
view  all  data  pertaining  to  a  particular  product  or  pro¬ 


gram  via  a  central  dashboard,  says  Christina  Carbone, 
a  director  for  quality  and  measurement  at  Nielsen. 
The  company  also  uses  Mercury’s  TestDirector  and 
Quality  Center  tools,  which  will  be  integrated  with 
the  demand  management  component  for  better  man¬ 
agement  of  the  daily  production  of  products. 

As Carbone explains, “Having that single view of
your portfolio, resources, demand management, testing
requirements and project status — it gives you a
single view into the total health of all of your projects.”


Sue  Hildreth  is  a  freelance  writer  based  in  Waltham, 
Mass.  She  can  be  reached  at  Sue.Hildreth@comcast.net. 
Microsoft’s man
in  charge  of  Office 
takes  a  look  at  the 
desktop  app  from 
a  developer’s 
point  of  view 


Microsoft  Corp.  Senior 
Vice  President  Steven 
Sinofsky  manages  re¬ 
search  and  development 
for  the  company’s  Office 
System  products.  He 
recently  spoke  with 
Computerworld’s 
Carol  Sliwa  about  the 
new  Office  12  release, 
which  is  due  next  year. 

What is your vision for corporate IT developers
who write enterprise applications? Are
you trying to get more of them to use Office
as the user interface to the applications they
develop?

For many, many years and
many  releases,  corporate  IT  shops 
have  used  Office  as  a  front  end  for 
their  systems,  whether  it’s  expense  re¬ 
porting  in  Excel  or  contract  prepara¬ 
tion  in  Word,  or  even  presentation  li¬ 
braries  in  PowerPoint,  and  certainly 
Access  for  tracking  or  for  applying  dif¬ 
ferent  data  sources. 

What  we’ve  heard  from  them  is  that 
much  of  their  application  development 
is  moving  to  much  bigger  line-of-busi- 
ness  systems.  It  used  to  be,  “Build  a 
quick  solution  using  Word  to  do  con¬ 
tracts  that  work  in  the  department.” 
Now  they  want  those  contracts  to  be 
connected  to  the  line-of-business  data. 
So  what  we’ve  done,  starting  with  Of¬ 
fice  2003,  is  really  increase  the  level 
of  platform  support  for  building  line- 
of-business  solutions. 

In what ways?

Let me give you two examples.
One is the XML file format in
Office,  which  we  released  the  specifi¬ 
cations  for.  We’ve  had  some  of  that  in 
Office  2003.  All  the  solutions  that  in¬ 
volve  Office  involve  manipulating  files 
and  working  with  them.  Today,  to  do 
that,  you  have  to  start  up  the  Office 
client  and  manipulate  the  file  through 
the  object  model.  That’s  very  tricky 
code  to  write,  and  it’s  been  a  source  of 
engineering  challenges. 

With  the  XML  file  format,  you  can 
actually  use  any  standard  XML  tool  to 
create  and  manipulate  the  information 
in  the  document.  You  could  write  a 
server  process  that,  from  the  ether, 
synthesizes  an  Office  document.  You 
can  build  an  XML  transform  that 
would  take  a  document  and  extract  the 
summary  of  it  or  change  some  of  the 
properties  and  retarget  it  for  another 
use.  Those  are  the  kind  of  things  that 
people  used  to  write  a  lot  of  code  for, 
but  you  can  now  do  it  in  a  more  robust 
way  with  the  open  file  format. 

At  the  other  end  of  the  spectrum  are 
examples  about  the  whole  role  of  using 
a  server  as  a  place  to  store  important 
data.  I  visited  a  United  Nations  organi¬ 
zation  that  relies  heavily  on  Access 
databases.  The  problem  that  the  IT 
group  had  [was]  they  found  the  same 
Access  databases  copied  all  over  their 
organization,  and  they  couldn’t  figure 
out  which  one  was  the  definitive  copy. 

What  IT  has  lacked  is  a  server  plat¬ 
form  to  build  an  application  on  in  an 
easy  way.  So  what  we’ve  built  with 
SharePoint  is  a  way  for  end  users  to 
easily  create  those  tables  that  they 
want  to  use  as  lists.  They  can  use  tools 
like  Access  for  fancy  reporting.  And  IT 
can  control  and  manage  that  data  out 
on  SharePoint,  and  it  scales  for  the  en¬ 
terprise.  That’s  so  much  easier  than 
trying  to  say,  “What  we’d  really  like  to 
do  is  put  it  all  in  SQL,”  because  once 
they  say  that,  they  become  the  bottle¬ 
neck  for  getting  that  work  done.  They 
don’t  have  the  resources  for  every  little 
group  that  wants  to  have  a  database. 

Will tying applications to SharePoint be a
prime focus with Office 12?

When you
deploy  it,  you  develop  against  it.  You 
don’t  just  install  it  and  use  it.  You’ve 
got  to  create  a  bunch  of  Web  parts,  and 
you’re  going  to  deploy  the  search  ser¬ 
vice  and  things  like  that. 

We’ve  really  upped  the  platform  ele¬ 
ments  of  the  server  functionality  in 
Office  12.  We  have  a  foundation  called 
Windows  SharePoint  Services,  and 
that’s  the  base  [application  program¬ 
ming  interface]  for  doing  all  of  the 
functionality.  Then  [there  is]  a  set  of 
services.  Each  of  those  services  repre¬ 
sent  applications  built  on  that  API.  At 

the same time, each of those services is itself a
platform that people can write to.

Take one example: Excel Services, the ability to do
business  intelligence  re¬ 
porting  from  within  the  Office  12  sys¬ 
tem.  By  itself,  it’s  merely  a  way  of  ren¬ 
dering  spreadsheets  through  a  browser 
interface,  which  is  neat,  but  unless 
there’s  a  developer  in  the  picture,  it 
won’t  do  anything.  A  developer  has  to 
set  up  a  SQL  Server  database  that  gets 
their  sales  information,  build  an  ana¬ 
lytical  processing  cube  to  get  to  that 
data  and  then  construct  the  model  that 
in  Excel  connects  to  that  data.  But  once 
they  do  that,  then  they  just  push  that  to 
the  SharePoint  site,  and  it’s  now  visible 
in  a  browser  to  everybody.  Everybody 
can reuse all that information that
they’ve  done  by  just  pushing.  They’re 
using  an  Excel  button,  or  they  can  do 
pivoting  and  analysis  and  charts  within 
the  browser. 

If  corporate  IT  developers  use  any  Office  ap¬ 
plication  as  a  front  end,  it  seems  to  be  Excel. 

Any  system  that  involves  financial  in¬ 
formation,  no  matter  what  front  end 
they  create  for  it,  if  the  system  is  going 
to  be  successful,  the  front  end  has  an 
“export  to  Excel”  button. 

My  first  job  while  I  was  in  college  as 
an  intern  was  working  in  a  manufac¬ 
turing  organization.  We  spent  all  day 
during  the  summer  getting  requests  for 
the  reports  to  be  sorted  a  different  way, 
organized  a  different  way,  with  a  differ¬ 
ent  set  of  columns  or  subfolders  one 
way.  And  the  truth  is,  that  hasn’t  really 
changed  in  terms  of  requests  to  IT.  But 
what’s  changed  is  they  don’t  have  peo¬ 
ple  like  me  sitting  there  waiting  to  hear 
that  they  want  the  data  sorted  a  differ¬ 
ent  way.  They  send  a  report  out  elec¬ 
tronically.  It’s  sitting  on  a  Web  page. 
And  then  you  watch  these  poor  end 
users  cutting  and  pasting,  trying  to 
figure out how to get it. The best examples
of really great line-of-business
systems  export  the  information  to 
Excel  in  a  way  that  you  can  just  say, 
“Look,  I’m  the  field  manager.  I  know 
what  metrics  are  important.  I’m  here 
trying  to  figure  out  our  supply  chain. 
And  if  I  can’t  get  to  the  data,  I  can’t 
make  the  system  work  better.” 

What  we  see  time  and  time  again,  no 
matter  what  business  intelligence  sys¬ 
tem  people  are  using,  Excel  is  the  most 
popular  front  end.  There’s  a  lot  of  sys¬ 
tems  in  between,  and  many  IT  people 
hope  that  that’s  the  definitive  one,  that 
whatever  Web  page  they  can  create  is 
the  one  that  everyone  will  use.  But  it 
turns  out  that  you’re  paying 
people  a  lot  of  money  to 
make  decisions  on  the  in¬ 
formation  in  an  organiza¬ 
tion,  and  they’re  going  to 
make  the  decisions  based 
on  analyzing  and  synthesiz¬ 
ing  the  data,  combining  data  sources 
that  the  IT  group  didn’t  think  about. 

And  so  all  of  the  tools  out  there  to¬ 
day,  SAP  as  an  ERP  system  or  Hyperi¬ 
on  as  a  BI  system,  all  export  to  Excel, 
export  to  Access.  The  most  popular 
reporting  language  to  output  is  RTF, 
which  is  a  format  that  Word  under¬ 
stands,  because  even  though  all  that 
stuff  gets  dumped  to  Word,  they  still 
want  to  edit  it  and  change  it,  and  then 
it  has  to  all  end  up  in  PowerPoint,  be¬ 
cause  someone  has  got  to  tell  the  boss 
what’s going on.
PLM Review Needs
Security  Attention 


Buying  a  product  life-cycle  management 
application  is  an  opportunity  to  address  IP 
protection  issues.  By  Mathias  Thurman 


For  the  past  couple  of 
weeks,  I’ve  spent  most 
of  my  time  in  meetings 
to  review  and  select  a 
new  product  life-cycle  man¬ 
agement  (PLM)  application. 

Normally,  I  would  just  for¬ 
ward  a  copy  of  my  guide  to 
implementing  secure  applica¬ 
tions  and  let  the  project  man¬ 
ager  go  to  town.  But  I  have 
been  charged  with  protecting 
the  company’s  intel¬ 
lectual  property,  and 
this  PLM  deployment 
is  critical  to  that 
strategic  objective. 

Therefore,  I  wanted 
to  be  actively  in¬ 
volved  in  assessing 
the  security  controls. 

For  those  of  you  security 
folks  who  haven’t  had  the 
pleasure  of  working  at  a  man¬ 
ufacturing  company,  PLM  is 
an  application  that’s  used  to 
document  and  support  the 
complete  life  cycle  of  a  prod¬ 
uct,  from  planning  through 
product  maintenance.  Most 
important,  PLM  software  will 
help  us  manage  the  bills  of 
materials  for  our  products. 

I  like  to  think  of  the  bills  of 
materials  as  the  ingredients  of 
our  products,  and  the  comput¬ 
er-aided  design  (CAD)  dia¬ 
grams,  along  with  supporting 
documentation,  as  the  recipes 
for  putting  those  products 
together.  Our  shopping  list, 
explaining  where  we  get  our 
ingredients,  is  the  enterprise 
resource  planning  element, 
which  maps  parts  and  suppli¬ 
ers.  Some  of  the  parts  are 
common  ones  that  we  get 
from  outside  suppliers,  while 
others  are  built  in-house. 

The  hardware  that  we  make 
from  these  ingredients  sells 
for  upward  of  a  million  dol¬ 


lars.  As  you  can  imagine,  if 
someone  were  to  get  a  hold 
of  the  ingredients,  recipe  and 
sourcing  information  and  then 
sell  the  information  or  use  it 
to  build  a  competing  product, 
we  would  be  out  a  consider¬ 
able  amount  of  money. 

As  I  already  said,  one  of  my 
objectives  as  security  manager 
at  this  manufacturing  compa¬ 
ny  is  to  put  together  a  program 
for  protecting  our 
intellectual  proper¬ 
ty.  An  element  of 
this  program  is  to 
ensure  that  the  en¬ 
terprise  applications 
that  house  our  intel¬ 
lectual  property  are 
properly  written. 

In  the  case  of  the  new  PLM 
application,  the  goal  is  simple: 
We  need  to  restrict  users  so 
that  each  one  can  access  only 
the  information  that  he  needs 
to  do  his  job,  with  that  access 
defined  by  the  role  the  user 
plays  in  the  company.  As  many 
of  you  know,  this  is  also  called 
the  “rule  of  least  privilege.” 

As  we  set  out  to  apply  the 
rule  of  least  privilege  to  the 
new  PLM  application,  we  have 
two  considerations.  While  it’s 
important  to  restrict  access  so 
that  a  user  has  access  only  to 
the  parts,  documents  and  dia¬ 
grams  he  needs  to  do  his  job, 
that  same  user  shouldn’t  be 




restricted  in  his  quest  for  pre¬ 
existing  information. 

An  overly  restrictive  ap¬ 
proach  will  stifle  creativity 
simply  because  users  will  be 
in  the  dark  about  existing  in¬ 
formation  that  could  be  used 
in  the  development  process. 

For  example,  a  CAD  dia¬ 
gram  is  a  series  of  overlays. 
Some  overlays  represent  com¬ 
mon  objects  that  are  reused 
for  many  of  our  company’s 
products. 

If  I  restrict  access  to  a  com¬ 
mon  object  to  the  point  that 
an  engineer  doesn’t  know  it 
exists,  he  may  spend  time  de¬ 
veloping  it  —  reinventing  the 
wheel.  It’s  going  to  take  many 
months  to  iron  out  the  logic 
that  will  be  used  to  define  the 
use  of  shared  or  common  ob¬ 
jects. 

Big  Challenges  Ahead 

Today,  our  company’s  archaic 
PLM  application  is  wide  open. 
Any  user  who  has  access  can 
view  any  bill  of  materials  for 
any  product  in  the  company. 
This  is  bad.  And  with  the  in¬ 
crease  in  offshore  develop¬ 
ment,  the  chance  that  our  in¬ 
tellectual  property  will  be 
stolen  is  much  greater.  A  con¬ 
siderable  amount  of  work  will 
be  needed  to  figure  out  which 
information  is  common  to 
which  product  and  to  properly 
define  which  employees  need 
access  to  which  products. 

At  the  same  time,  I’m  also 
hoping  to  leverage  our  exist¬ 
ing  Microsoft  Active  Directo¬ 
ry  infrastructure  and  our 
single  sign-on  application  to 
assign  access  based  on  attrib¬ 
utes  that  delineate  what  a  user 
does  for  the  company.  It’s  not 
quite  identity  management, 
but  it’ll  have  to  do. 

In  addition  to  the  logic  that 
will  describe  access  privileges, 
there  are,  of  course,  other  ap¬ 
plication  security  features  that 
I  have  to  ensure  that  the  PLM 
product provides.

For  example,  we  will  want 
audit  logs  that  provide  suffi¬ 
cient  granularity  so  that  I  can 
run  a  report  on  any  user  and 
discover  what  object  he 
checked  in  or  out  and  what  ac¬ 
tivity  he  accomplished.  We 
should  be  able  to  log  and  audit 
any  activity  within  the  appli¬ 
cation,  and  the  logs  should  be 
able  to  be  exported  to  a  vari¬ 
ety  of  third-party  applications 
for  reporting  purposes.  I  like 
the  ability  to  export  data  to 
XML,  so  that  the  data  can  then 
be  easily  incorporated  into  a 
Web  page. 

Administrative  access  also 
needs  to  be  reviewed.  Besides 
wanting  sufficient  levels  of 
administrative  access,  I’d  like 
to  be  able  to  incorporate  a 
stronger  form  of  authentica¬ 
tion,  such  as  the  two-factor  au¬ 
thentication  I’ve  written  about 
before.  (Two-factor  authent¬ 
ication  requires  something  you 
have,  like  a  token,  plus  some¬ 
thing  you  know,  like  a  personal 
identification  number.) 

I  also  want  to  ensure  that 
the  vendor  has  written  its  ap¬ 
plication  securely.  Many  PLM 
applications  are  Web-based, 
which  of  course  could  open 
the  door  to  several  vulnerabil¬ 
ities  if  the  developer  hasn’t 
written  the  application  with 
security  in  mind.  I’m  mainly 
referring  to  vulnerabilities 
such  as  cross-site  scripting, 

SQL  injection  and  cookie 
tampering. 

When  I  asked  one  vendor’s 
representative  if  he  had  any 
third-party  assessments  or 
other  data  to  support  the  com¬ 
pany’s  assertion  that  its  appli¬ 
cation  is  secure,  he  tried  to  re¬ 
assure  me  by  saying  that  the 
application  is  being  used  at  a 
U.S.  defense  contractor.  I  got  a 
chuckle  out  of  that  one.  So,  for 
now,  I’ll  continue  interrogat¬ 
ing  the  vendors  and  hope  that 
one will rise above the rest.

WHAT  DO  YOU  THINK? 

This week’s journal is written by a real security manager, “Mathias Thurman,” whose
name and employer have been disguised for obvious reasons. Contact him at
mathias_thurman@yahoo.com, or join the discussion in our forum: QuickLink a1590

Security Bookshelf

Extreme  Exploits:  Advanced 
Defenses  Against  Hardcore 
Hacks,  by  Victor  Oppleman, 
Oliver  Friedrichs  and  Brett 
Watson;  McGraw-Hill  Osborne 
Media,  2005. 

Despite  the  ti¬ 
tle,  I  didn’t  find 
a  lot  of  informa¬ 
tion  that  I  would 
consider  “ex¬ 
treme.”  Still, 
this  is  a  well- 
written,  com¬ 
prehensive 
guide  to  current 
vulnerabilities  in  some 
common  areas  of  information 
security  technology.  The  au¬ 
thors  provide  a  good  basic 
understanding  of  Border  Gate¬ 
way  Protocol.  They  also  dis¬ 
cuss  some  cool  tools  for  con¬ 
ducting  vulnerability  assess¬ 
ments.  I  had  never  heard  of 
the  Layer  Four  Traceroute 
tool,  and  it  seems  like  a  good 
addition  to  a  security  analyst’s 
assessment  toolbox.  Informa¬ 
tion  security  is  a  dynamic 
field,  and  it’s  important  that 
books  like  this  exist  to  keep  us 
security  professionals  current. 

-  Mathias  Thurman 

Worm  Creators 
Sentenced  to  Jail 

Two  British  men  who  pleaded 
guilty  to  charges  they  helped 
create  the  TK  worm  have  re¬ 
ceived  prison  terms.  Jordan 
Bradley,  22,  was  sentenced  to 
three  months’  imprisonment, 
and  Andrew  Harvey,  23,  to  six 
months,  according  to  Britain’s 
National  Hi-Tech  Crime  Unit. 
The  worm  infected  thousands 
of  computers,  including  two 
owned by the Pentagon.


U.S. Spams a Lot

The  U.S.  once  again  came  out 
on  top  of  Sophos  PLC’s  list  of 
the  top  12  spamming  coun¬ 
tries.  But  the  percentage  of 
the  world’s  spam  that  origi¬ 
nated  here  during  the  past  six 
months  fell  to  26.35%  from 
41.5%  in  the  same  period  last 
year.  The  only  other  countries 
contributing  more  than  10%  of 
all spam were South Korea
(19.7%)  and  China  (15.7%). 
This Is Only
A  Cybertest 

Japan  will  conduct  nationwide  exercises  next  year 
in  order  to  prepare  effectively  for 
cyberattacks  on  computer  net¬ 
works. 

Mock  cyberterrorists  will  sim¬ 
ulate  attacks  on  computer  net¬ 
works  of  businesses  and  govern¬ 
ment  organizations  to  discover 
vulnerabilities,  according  to  the 
Yomiuri Shimbun newspaper
and  United  Press  International. 

Participating  in  the  exercises 
will  be  financial  institutions, 
communications  companies 


and  Internet  service  providers,  as  well  as  the  central 
and  local  governments. 

Participants  in  the  exercises  will  set  up  dummy 
Internet  servers  with  the  same  content  as  real  ones. 

Following  the  simulated  attacks,  participants  will 
measure  computer  security  by  gauging  the  time 
and  work  necessary  for  them  to 
normalize  their  networks. 

An  increasing  number  of 
companies  and  government 
offices  in  Japan  have  been  the 
target  of  cyberattacks.  In  one  re¬ 
cent  case,  Kakaku.com,  Japan’s 
largest  Web  site  specializing  in 
product  comparison  information 
for  consumer  goods,  had  to  be 
shut  down  temporarily  after  its 
network  was  the  target  of  an 
attack.  ©  57275 


Shockley (seated), Bardeen (left) and Brattain.
At left is a photo of the first transistor.


DIFFERENCE  ENGINES 


Beyond  the 
Vacuum  Tube 


The  transistor  was  invented  at  Bell  Laboratories 
by  William  Shockley,  John  Bardeen  and  Walter 
Brattain.  This  has  been  called  perhaps  the  most 
important  electronics  event  of  the  20th  century, 
since  it  later  made  possible  the  integrated  circuit 
and microprocessor, which are integral to modern
electronics. Prior to the invention of the transistor,
the vacuum tube was the only piece of
technology that could provide current regulation
and switching functions (the word transistor is a
combination of transfer and resistor). But the
vacuum tube could be miniaturized only to a certain
extent, and it wasted a lot of energy in the
Help for FEMA

A  research  team  led  by  a  University  of  Ari¬ 
zona  professor  has  found  a  way  to  improve 
maps  of  the  western  U.S.  used  by  the  Feder¬ 
al  Emergency  Management  Agency  to  de¬ 
termine  the  amount  of  land  area  within  100- 
year  flood  plains.  Initial  results  indicate  that 
FEMA’s  current  maps  significantly  overesti¬ 
mate  the  size  of  flood  plains. 

The  three-pronged  approach  combines 
a  numerical  computer  model  with  data  from 
satellite-image  analysis  and  observations 
from  the  field. 

In  addition  to  providing  better  hazard  in¬ 
formation  to  the  public,  revising  the  flood- 
plain  maps  could  have  major  economic  ef¬ 
fects  on  the  rapidly  growing  Southwest.  Of¬ 
ten,  homeowners  in  areas  deemed  to  be  in  a 
flood  plain  must  buy  flood  insurance  in  addi¬ 
tion  to  regular  homeowner’s  insurance. 

To  create  a  computer  model  to  predict 
flood  intensity,  Jon  D.  Pelletier,  an  associate 
professor  of  geosciences  at  the  University  of 
Arizona  in  Tucson,  used  very  detailed  maps 
of  alluvial  fans,  data  from  stream  gauges  and 
a  mathematical  analysis  that  predicted  how 
the  water  flowed  through  the  numerous 
small  channels  on  a  given  alluvial  fan  during 
a  given  storm. 

For  maps,  Pelletier  used  digital  elevation 
models,  which  are  computer-generated 
maps  made  from  low-altitude  aerial  pho¬ 
tographs  that  can  show  changes  in  elevation 
of as little as four inches. The combined
method applies to the foothills of western
mountain ranges such as the Santa Catalinas
and the Tortolitas outside Tucson. Many
western  cities,  including  Phoenix,  Las  Vegas 
and  Denver,  have  similar  foothills. 


“We  have  three  methods  that  give  darn 
near  the  same  result,  and  it’s  a  way  smaller 
flood  plain  than  the  model  FEMA  has  gener¬ 
ally  used,”  Pelletier  says. 

Pelletier  and  other  researchers,  including 
Larry  Mayer,  a  University  of  Arizona  adjunct 
professor  of  geosciences,  and  Philip  A. 
Pearthree,  a  research  geologist  at  the  Ari¬ 
zona  Geological  Survey  in  Tucson,  published 
their  findings  in  the  current  issue  of  GSA  Bul¬ 
letin,  a  publication  of  the  Geological  Society 
of  America. 


This  computer-generated  model 
shows how 1997 Tropical Storm
Nora  affected  Tiger  Wash  in 
Arizona’s  Harquahala  Mountains. 
The  red  shows  where  the  water 
was  deepest,  and  the  brown 
indicates  upland  areas  that 
didn't  flood. 
sisted of a plastic triangle lightly suspended
above  a  germanium  crystal  that  itself  was  sitting 
on  a  metal  plate  attached  to  a  voltage  source.  A 
strip  of  gold  was  wrapped  around  the  point  of 
the  triangle  with  a  tiny  gap  cut  into  the  gold  at  the 
precise  point  it  came  in  contact  with  the  germa¬ 
nium  crystal.  The  germanium  acted  as  a  semi¬ 
conductor  so  that  a  small  electric  current  enter¬ 
ing  on  one  side  of  the  gold  strip  came  out  the 
other  side  as  a  proportionately  amplified  current. 

In  a  burst  of  competitive  creativity  over  sever¬ 
al  weeks,  Shockley  then  developed  the  junction 
(sandwich)  transistor.  His  device  was  more 
rugged  and  more  practical  than  the  point-contact 
transistor,  and  it  was  easier  to  manufacture.  It 
became  the  central  artifact  of  the  Electronic 
Age.  Shockley,  Bardeen  and  Brattain  shared  the 
1956 Nobel Prize in physics for their invention.


U.S. Q4 Online Retail Sales,* 2001-2005

(in billions and as a % increase vs. prior year)

Q4 2001    $10.80    (21.3%)
Q4 2002    $14.12    (30.7%)
Q4 2003    $17.36    (22.9%)
Q4 2004    $21.52    (24%)
Q4 2005    $26.23    (21.9%)

* Not adjusted for inflation

Sources: 2001-2004 data: U.S. Department of Commerce, August 2005;
2005 data: eMarketer Inc. estimate, September 2005
Seagate Releases
New  Hard  Drives 

■  Seagate  Technology  LLC  has 
announced  the  availability  of  its 
Barracuda  7200.9  internal  hard 
drives.  The  products  are  targeted 
at  low-cost  and  Serial  ATA 
servers,  PCs,  PC  gaming  systems 
and  media  PCs,  according  to  the 
company.  They  have  a  capacity  of 
up  to  500GB,  with  3Gbit/sec. 
throughput  and  native  command 
queuing.  Information  about  pric¬ 
ing  wasn’t  available. 


AirWave  Upgrades 
Wireless  Software 

■  AirWave  Wireless  Inc.  intro¬ 
duced  Wireless  Management 
Platform  4.0,  which  it  said  offers 
Web-based  graphical  views  of 
Wi-Fi  networks  that  help  desk 
staffers  can  use.  Other  features 
include  wired-network-based 
rogue  access-point  detection.  An 
introductory  system  that  manages 
25  access  points  costs  $3,500. 


NetApp,  Kazeon 
Team  for  Search 

■  Network  Appliance  Inc.  last 
week  announced  an  agreement 
with  Kazeon  Systems  Inc.  that 
calls  for  the  two  companies  to  in¬ 
tegrate  the  data  classification  and 
search  capabilities  of  Kazeon’s 
Information  Server  with  NetApp 
storage  systems.  The  Kazeon  In¬ 
formation  Server  IS1200,  also 
announced  last  week,  integrates 
with  NetApp  data  protection  and 
regulatory  compliance  software. 


Imation  Announces 
Integration  Product 

■ Imation Corp. has announced
new  technology  called  Ulysses 
that  integrates  a  hard  disk  drive 
into  a  standard  tape  cartridge  for 
deployment  in  any  tape  library. 
The  hardware  that  fits  into  the 
tape  drive  bay  and  reads  the  disk 
is expected to sell for between
$5,000  and  $7,000  retail,  and 
the  cost  of  a  Ulysses  cartridge 
will  be  comparable  to  that  of  an 
LTO cartridge.


DOUGLAS  SCHWEITZER 


Addressing  the  Human 
Security  Vulnerability 


SO, YOU HAVE THE BEST FIREWALL, intrusion-detection
and antivirus systems technology
has to offer. Yet, despite your Fort Knox
approach,  you’re  still  hit  with  security  breach¬ 
es  and  the  occasional  malware  du  jour.  One 
reason  for  this  may  be  the  lack  of  motivation  by  your 
workers.  Unlike  owners,  they  don’t  have  a  direct  inter¬ 
est  in  the  success  of  the  company.  Or  do  they?  How  far 
are  they  willing  to  go  to  ensure  corporate  success? 


Usually,  not  very.  In  fact, 
in  most  cases,  they  don’t 
put  much  additional  effort 
into  executing  their  duties 
—  just  enough  to  get  the 
work  done  and  retain  their 
jobs.  According  to  Ken 
Shaurette,  information  se¬ 
curity  solutions  manager  at 
MPC  Technology  Solutions, 
however,  “a  too-often  over¬ 
looked  way  to  improve 
these  attitudes  is  to  include 
information  security  in  the 
job  descriptions  of  employ¬ 
ees.”  When  your  organiza¬ 
tion  makes  security  awareness  and  poli¬ 
cy  compliance  mandatory,  the  apathetic 
trend  can  be  reversed. 

When  management  requires  security 
policy  compliance  to  be  a  key  part  of  an 
employee’s  job,  interest  is  generated. 

An  added  benefit  is  that  security  be¬ 
comes  part  of  the  corporate  culture. 
With  performance  reviews  (hence,  pos¬ 
sible  raises)  looming  periodically,  em¬ 
ployees  are  more  apt  to  fit  compliance 
into  their  daily  routine.  Knowing  that 
they’re  being  graded  encourages  em¬ 
ployees  to  comply  with  policies. 

Shaurette  encourages  employers  to 
include  a  wider  cross  section  of  em¬ 
ployees  in  the  interview  portion  of  se¬ 
curity  assessment  and  in  compliance 
reviews.  These  additional  personnel 
will  automatically  gain  a  better  aware¬ 
ness  of  security  issues  simply  as  a  re¬ 
sult  of  their  exposure  to  security  pro¬ 
fessionals.  Not  only  will  they  add  their 


input  as  to  what  data 
should  be  gathered  for 
analysis,  but  they’ll  also 
come  away  with  a  better 
appreciation  of  the  need  for 
assessments.  When  they’re 
a  part  of  the  compliance  re¬ 
view,  employees  “will  get  a 
sense  of  ownership  of  the 
final  results  from  the  as¬ 
sessment,”  says  Shaurette. 

Inclusion  alone  won’t 
always  solve  employee- 
apathy  problems,  however. 
Here  are  some  other  ways 
to  reduce  security  risks  cre¬ 
ated  by  employees  who  just  don’t  care. 

Monitoring.  One  solution  that  maybe 
isn’t  palatable  but  certainly  is  effective 
is  employee  usage  monitoring.  Tracking 
employee  PC  use  can  result  in  negative 
repercussions  for  the  company,  but  it’s 
one  sure  way  to  establish  control  over 
the  network.  Monitoring  needs  to  be 
carried  out  in  such  a  way  that  employee 
dignity  is  protected  —  a  daunting  task 
because  few  tools  are  available  to  auto¬ 
mate  the  process.  “Doing  the  monitor¬ 
ing  can  become  a  very  heavy  adminis¬ 
trative  burden  or  require  many  applica¬ 
tion  modifications  that  are  often  not 
even  possible  because  applications  are 
vendor-maintained,”  says  Shaurette. 

Restricted  access.  Limiting  or  retract¬ 
ing  network  access  can  also  reduce  (if 
not  prevent)  the  impact  of  employee 
apathy,  according  to  Simon  Heron, 
managing  director  of  Network  Box. 
With the IT manager in control, “signatures
for antivirus and antispam can be
pushed  to  the  gateway  and  to  the  desk¬ 
top  from  central  company  servers,”  says 
Heron.  The  manager  is  in  control  of 
downloading  the  signatures,  and  the 
manufacturer  can  push  software  up¬ 
dates  onto  the  gateway  to  ensure  that 
it’s  up  to  date.  “This  means  that  the  ap¬ 
athetic  employee  can’t  get  in  the  way  of 
updating  their  systems;  it  takes  them 
out  of  the  equation,”  says  Heron. 

Unified  threat  management.  Heron 
points  out,  however,  that  limiting 
access  may  not  prevent  infections 
altogether.  Therefore,  many  organiza¬ 
tions  are  turning  to  unified  threat 
management  systems.  Deploying  this 
type  of  technology  restricts  employee 
access  to  the  Internet  for  browsing 
and  using  e-mail  and  instant  messaging 
applications. 

Endpoint  security.  It’s  important  to  re¬ 
alize  that  careless  use  of  endpoint  de¬ 
vices  like  laptops  and  handhelds  is  one 
of  the  biggest  causes  of  compromised 
security.  Recent  surveys  have  found 
that  —  because  of  outright  ignorance  of 
or,  even  worse,  apathy  toward  security 
—  roughly  a  third  of  users  don’t  even 
bother  using  password  protection  on 
their  devices.  This,  of  course,  leaves 
data  vulnerable  to  hackers  and  other 
opportunists,  especially  if  the  devices 
are  lost  or  stolen.  Moreover,  remote 
users  and  mobile  workers  have  been 
known  to  pick  up  viruses  and  worms  on 
the  road,  then  infect  the  corporate  net¬ 
work  when  they  return  to  the  office. 

It’s  imperative  that  endpoint  devices 
be  checked  for  compliance  with  your 
network  security  policy.  Mandate  that 
all  endpoint  devices  have  the  latest 
patches  and  antivirus  software.  In  addi¬ 
tion,  your  policy  should  restrict  the  use 
of  file-sharing  and  peer-to-peer  appli¬ 
cations  and  require  certain  operating 
system,  browser  and  application  securi¬ 
ty  settings.  O  57313 
REVIVAL


IT  research  and  development 
is  making  a  comeback, 
but  the  rules  have  changed. 
BY  DAVID  GEER 


“IT R&D was previously about technology
for its own sake. Today, it is much more linked
to ROI and key business value creation.”

VIJAY SANKARAN, IT MANAGER
FOR ENTERPRISE TECHNOLOGY,
FORD MOTOR CO.


Despite  the  dot-com  fallout  that  pulled 
the  plug  on  IT  at  the  end  of  the  last  mil¬ 
lennium,  IT  R&D  is  staging  a  revival. 
But  today,  it  has  a  new  mission,  a  new 
culture,  broader  sponsorship,  a  different 
profile  and  a  new  emphasis  on  partnerships. 


Late  in  the  1990s,  the  typical  IT  R&D 
mission  was  to  move  ahead  to  the  next 
technology  no  matter  what.  Research 
often  went  almost  directly  from  exper¬ 
imentation  into  production  without 
proper  testing,  without  any  justifica¬ 


tion  of  the  value  of  the  technology 
to  business,  without  plans  for  properly 
engineering  it  into  the  environment 
and  without  a  design  for  deployment, 
says  Vijay  Sankaran,  IT  manager  for 
enterprise  technology  at  Ford  Motor 


Co.  in  Dearborn,  Mich. 

“There  was  no  formalized,  architect¬ 
ed  approach  to  introducing  new  tech¬ 
nologies,”  says  Sankaran.  This  led  to 
unfocused  technologies  such  as  multi¬ 
ple  company  Web  sites  that  weren’t 
even  linked  together,  he  says. 

As  a  result,  many  dot-com  IT  R&D 
initiatives  ultimately  failed.  “Projects 
were  late;  they  didn’t  do  as  expected, 
and  even  if  they  did  work  as  expected, 
they  didn’t  deliver  the  kind  of  revenue 
gains  people  expected,”  says  Martin 
Reynolds,  an  analyst  at  Gartner  Inc. 

“In  the  dot-com  days,  R&D  efforts 
were  consistent  with  that  period’s  land- 


grab  mentality,”  says  John  Baschab, 
co-author  of  The  Executive’s  Guide  to 
Information  Technology  (John  Wiley  & 
Sons,  2003).  Companies  were  focused 
on  increasing  their  Web  real  estate  by 
using  technologies  like  scalable  Web 
architectures  to  grow  their  Web  pres¬ 
ence,  visual  design  techniques  to  draw 
people  in  and  back-office  systems  that 
could  support  millions  of  customers, 
he  says.  But  for  the  most  part,  these 
plans  did  not  materialize.  “IT  R&D 
today  focuses  more  on  practical,  prag¬ 
matic  issues,”  Baschab  says. 

While  today’s  IT  R&D  still  has  to 
innovate  fast,  it  also  has  to  innovate  in 


44  COMPUTERWORLD  October  17, 2005 


MANAGEMENT 


www.computerworld.com 


the  right  way,  says  Sankaran.  The  focus 
has  shifted  from  research  for  research’s 
sake  to  meeting  business  needs. 

For  example,  in  the  late  1980s  and 
into  the  ’90s,  as  much  as  50%  of  the 
IT  R&D  budget  at  The  Procter  & 
Gamble  Co.  went  to  pure  emerging- 
technology  research.  “Now,  about  80% 
of  it  is  spent  on  doing  engineering 
against  business  problems,”  says 
Robert  Scott,  vice  president  of  IT  and 
innovation  at  the  Cincinnati-based 
consumer  goods  maker. 

Innovation  has  always  played  a  criti¬ 
cal  role  at  P&G,  Scott  says.  “But  as  we 
looked  toward  the  future,  we  knew  that 
we  needed  IT  R&D  to  play  an  even 
larger  role  to  maintain  our  edge  in  an 
increasingly  competitive  marketplace. 
For  that  to  happen,  we  needed  to 
change  how  IT  worked  and  how  it  in¬ 
tegrated  with  the  rest  of  the  company.” 

Other  changes  at  the  company’s 
R&D  group  reflect  the  same  new 
mind-set.  “We  call  our  IT  R&D  group 
‘E&D’  for  engineering  and  develop¬ 
ment,”  explains  Scott.  The  name  im¬ 
plies  that  the  group’s  goal  is  to  engi¬ 
neer  applications  for  business  rather 
than  research  emerging  technologies, 
he  says. 

Despite  the  changes,  IT  R&D  is 
once  again  very  alive  and  robust,  ac¬ 
cording  to  Scott.  “We  have  some  fun¬ 
damental  areas  of  breakthrough  that 
we  consider  strategically  important  to 
the  company,”  he  says.  “Our  research 
organization  has  been  realigned  to 
go  right  up  against  those  areas  and 
deliver  breakthrough  ideas  to  push 
the  envelope.” 

Cultural  Changes 

New  R&D  group  cultures  also  demon¬ 
strate  much  tighter  ties  with  business. 
For example, DaimlerChrysler AG in
Auburn Hills, Mich., has
a  Global  Technology  Council  with 
members  from  business,  IT  and  IT 
R&D.  It  meets  monthly  to  discuss  busi¬ 
ness  unit  expectations  and  align  bud¬ 
gets,  says  Seshu  Bhagavathula,  director 
of  technology  strategy. 

R&D  today  is  less  isolated  from  the 
rest  of  the  business  than  it  was  before. 
“Everybody  from  the  chairman  on 
down  is  sponsoring  advancements  in 
technology,”  says  Jeffrey  Cohen,  CIO 
at  DestiNY  USA,  a  New  York-based 
shopping  mall  developer.  “It’s  actually 
our  chairman  who  has  driven  us  to 
having  an  open-source  platform 
across  all  R&D,”  he  adds.  “From  the 
top  down,  everybody’s  interested  in 
technology  [and]  how  it  will  impact 
what  we  do  as  a  company.” 

Broader  sponsorship  means  more 


brains  are  work¬ 
ing  together, 
storming  up 
innovative 
approaches 
to  R&D. 

According  to 
Sankaran,  one  of 
those  approach¬ 
es  is  to  look  for 
recombination 
opportunities. 

“How  do  you 
take  technolo¬ 
gies  already  on 
the  shelf  and  re¬ 
combine  them 
in  such  a  way 
that  they  make 
a  meaningful  business  impact,  rather 
than  looking  at  what  may  be  five  to 
10  years  out?”  Sankaran  says. 

R&D  groups  are  also  forging  closer 
ties  with  suppliers.  At  Daimler¬ 
Chrysler,  for  example,  IT  R&D  not 
only  measures  the  performance  of 
strategic  suppliers,  but  it  also  some¬ 
times  affects  it. 

DaimlerChrysler product managers participate in customer
focus groups in the research labs of the automaker’s top
suppliers, suggesting features that they would like to see
in upcoming versions of products. The product managers are
also permanent members of the supplier councils, which
schedule meetings a minimum of four times a year. So the
product managers know what’s coming next from the vendors
much sooner than they once did, according to Bhagavathula.

“They may even have input into what the next product should
look like,” Bhagavathula adds.

In cases where P&G has outsourced IT operations, it leverages
relationships with vendors such as Hewlett-Packard Co. and
IBM to gain access to their innovation labs. “We collaborate
aggressively to create innovations. That’s our standard
operating procedure,” says Scott.

These  partnerships  aren’t  limited  to 
suppliers,  though.  Ford  collaborates 
with  various  consortia,  as  well  as 
open-source  development  labs  and 
the  Internet2  initiative,  according  to 
Sankaran.  Internet2  is  the  next-genera¬ 
tion  Internet,  which  the  government 
and  universities  are  developing  today 
in  much  the  same  way  they  developed 
the  current  Internet. 

“We’re looking for ways to take offshoots of some of that
research and apply it to near-term implementations rather
than esoteric research,” says Sankaran. Ford is focusing on
the personal collaboration space and how voice, video,
podcasting and videocasting are going to affect the way it
does business, Sankaran says.

P&G,  Ford  and  DaimlerChrysler  are 
also  all  looking  at  how  to  use  radio  fre¬ 
quency  identification  technology  to 
make  their  supply  chains  more  effi¬ 
cient.  “Velocity  through  the  supply 
chain  is  critically  important,”  says  Scott. 
“We  have  done  a  lot  of  collaborative 
work  to  push  that  envelope  because  we 
believe  we  can  significantly  reduce 
costs  for  our  retail  partners  and  us.” 

Risks  and  Returns 

Because of R&D’s mission and budget
realignments, many groups find that
there are more hard ROI expectations
now than there were in the past. “IT
R&D  was  previously  about  technology 
for  its  own  sake.  Today,  it  is  much 
more  linked  to  ROI  and  key  business 
value  creation,”  says  Sankaran.  “We 
went  through  this  phase  where  we  un¬ 
dertook  too  much  change  within  our 
organization.  Now  we’re  just  trying  to 
figure  out  what’s  robust,  what’s  scal¬ 
able  and  how  we  peel  back  some  of  the 
messes  that  we  made.” 

But  expectations  of  big  returns  can 
work  in  R&D’s  favor  when  it  comes  to 
budgeting.  At  P&G,  the  widespread 
belief  that  IT  R&D  is  strategically  fo¬ 
cused  on  the  right  things  has  helped 
shift  the  focus  from  a  concern  for  con¬ 
trolling  costs  to  a  recognition  of  the 
need  to  invest  in  the  business.  As  a 
result,  Scott  says,  the  company  is  will¬ 
ing  to  take  more  risks  in  order  to  “hit 
some  big  home  runs.” 

With all of the changes in IT R&D, there is one striking
similarity to the research organizations of the ’90s: The
goal is still innovation, and people still believe that
technology is a critical differentiator.

“Companies  that  can  embrace  tech¬ 
nology  and  build  it  into  their  product 
in  a  more  meaningful  way  more  quick¬ 
ly  are  the  ones  that  are  going  to  be 
more  adaptable  to  change,”  says 
Sankaran. 

Today’s  IT  R&D  is  less  about  pie 
in  the  sky  and  more  about  innovative 
applications  that  serve  the  business 
now.  It’s  run  like  a  business  and  for 
the  business  by  business-minded  IT 
professionals. 

“Innovation  has  become  a  fixed 
scheme,  not  only  within  our  company 
but  also  in  many  companies  in  the 
U.S.,”  says  Sankaran.  “That’s  one  of 
the key factors in the reinvigoration
of an IT R&D organization.”


Geer is a freelance writer in Ashtabula,
Ohio. You can contact him at geercom@alltel.net.


Roles and Expectations


WHILE R&D STAFF TITLES are much the same as ever, the
profiles of the individuals are fundamentally different,
according to Robert Scott, vice president of IT and
innovation at Procter & Gamble. “I’ve been with P&G for 30
years, and I can tell you there was a time when our IT R&D
group was made up of the technical geeks who nobody could
understand and frankly didn’t want to be around much,” he
says. “You talk with our R&D people today, and I bet you
could have a conversation with them for an hour and not know
they’re part of our IT R&D group.”

Today’s IT R&D professionals are a reflection of evolved
expectations, says Vijay Sankaran, IT manager for enterprise
technology at Ford. “For example, my people have to submit
formal research proposals on the technologies they are
evaluating. They have to tell the story of how the
technology fits in,” he says.

According to Scott, the key difference in today’s IT R&D
teams is that they’re considered business partners who
keenly understand how their expertise serves business needs.

P&G’s IT R&D leaders made a deliberate effort over the past
four years to better integrate their teams with the business
by setting goals that aligned with company goals, working
more directly with the business units and refocusing
employees, according to Scott. “Ultimately,” he says, “our
R&D folks start with the end in mind.”

-David  Geer 


In the dot-com days, R&D efforts were consistent with
that period’s land-grab mentality.

JOHN  BASCHAB,  CO-AUTHOR  OF 
THE  EXECUTIVE’S  GUIDE  TO 
INFORMATION  TECHNOLOGY 


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How  directors 
can  get  a 
grip  on  IT 


AND THE 


BOARD 


Boards  of  directors  are  growing  increas¬ 
ingly  nervous  about  their  companies’ 
dependence  on  IT,  and  with  good  rea¬ 
son.  IT  accounts  for  more  than  50% 
of  capital  spending  in  some  companies. 
But  there  are  no  standards  for  IT  gover¬ 
nance  as  there  are  for  areas  such  as 
accounting  and  compensation 
(see  “Business  in  the  Driver’s 
Seat,” page  31).  In  a  comprehen¬ 
sive  article  in  this  month’s  Har¬ 
vard  Business  Review,  Richard 
Nolan  and  F.  Warren  McFarlan 
lay  out  an  IT  governance  plan. 
McFarlan,  professor  emeritus  at 
Harvard  Business  School,  told 
Kathleen  Melymuka  how  boards 
can  get  a  grip  on  IT. 

So  the  first  step  toward  IT  governance  is  to 
determine  whether  the  company’s  reliance 
on  IT  is  defensive  or  offensive.  Can  you  ex¬ 
plain?  In  offensive  mode,  you’re  doing 
things  that  will  give  you  a  significant 
increase  in  market  share,  measurable 
improvement  in  service  and  significant 
reductions  in  cost  to  allow  you  to  bet¬ 
ter  position  yourself  vis-a-vis  the  com¬ 
petition.  There’s  a  certain  amount  of 
risk:  Pioneers  get  arrows  in  their  backs, 
then  the  settlers  come  in  behind. 

In  defensive  mode,  you  see  a  trend 
in  the  industry,  and  you  move  quickly 
to  close  the  gap. 

Tell  me  about  the  strategic  impact  grid.  This 
formulation  has  been  the  framework 
for  all  my  corporate  information  sys¬ 
tems  strategies.  At  the  core  is  a  contin¬ 
gency  approach  to  IT  management: 
There  is  no  right  way  to  plan,  organize, 
take  risks;  it  depends  on  who  you  are. 

There are two critical dimensions. On the vertical: How
important is it that your operations run in a bulletproof,
reliable, secure, 24/7 [environment with a] subsecond
response time? The higher you go, the more you need to spend
on backup and security. The horizontal dimension is the
strategic impact of what you have under development. Is it
really important in transforming the organization
offensively? Or is it nice, useful, solid but not really
transforming the organization?

The grid has four quadrants. Tell me about those. The
support quadrant is where what’s under development is not a
huge deal, and if your networks go down, it’s not the end of
the world. About 5% to 8% of the IT world is in that
quadrant.

The  factory  quadrant  is 
almost  40%.  There  it’s  a  huge  deal  if 
things  go  down,  but  if  you’re  late  on 
ERP  or  other  innovations,  that’s  irritat¬ 
ing  but  not  the  end  of  the  world. 

The  strategic  quadrant  is  where 
what’s  under  development  is  unbeliev¬ 
ably  important  and  there  is  huge  re¬ 
liance  on  systems  day  in  and  day  out. 

In  the  turnaround  quadrant,  what’s 
under  development  is  important,  but 
if  your  networks  go  down,  it’s  not  the 
end  of  the  world.  Research  firms  are  in 
this  [area].  They  may  have  an  eight-  or 
nine-year  lead  time,  so  they  can  take 
more  roughness  in  the  back  network 
than  the  bank  that’s  running  ATMs. 

How  involved  does  the  board  need  to  be  in 
the  various  quadrants?  In  the  strategic 
mode,  it  needs  to  be  really  involved. 
Basically,  it’s  a  major  investment  of 
corporate  resources.  Over  half  of  capi¬ 
tal  investment  tends  to  be  in  this  area. 
There  are  new  initiatives,  and  the 
board  needs  to  have  a  view  as  to  how 
the  company  positions  itself,  where  it 
lies  within  the  industry  and  whether 
the  back  office  is  being  managed  in  the 
way  it  should  be  for  the  organization. 

This is particularly important now because of
Sarbanes-Oxley. The typical audit committee is taking three
times longer than it took a few years ago. Since we don’t
have infinite time, when boards make a shift like that, what
gets squeezed is strategy.

How involved should the board be when the company isn’t in
strategic mode? We ask for different levels. At the factory
quadrant, for example, it’s very important to have a member
of the board who is actually versed in IT — an expert to
say, “Are the best-practice things being done here?” But in
the spirit of the contingency focus, the big, broad focus on
IT needs to be in those organizations in the strategic
quadrant.

How  do  you  set  up  the  board’s  IT  governance 
committee,  and  who’s  on  it?  The  IT  gover¬ 
nance  committee  includes  at  least  one 
person  deeply  knowledgeable  in  the 
technology,  and  the  other  people  have 
a  feel  for  how  the  company  is  compet¬ 
ing  and  are  able  to  ask  the  necessary 
questions. 

How likely is it that a given board will have that level of
IT expertise? You go out and rifle-shoot. Procter & Gamble,
for example, has a technology innovation committee, and
Scott Cook, the founder of Intuit, is there to ask the
challenging questions. The boards of companies that are in
the strategic quadrant are doing this.

Your article gives a very comprehensive set of instructions.
What’s the most important single thing for getting it right?
The most important thing is to understand that we are living
in a fast-changing, information-intensive economy. Many of
the board members are not really focused on this as
something that’s turning the organization inside-out. This
is a wake-up call to make sure that your organization isn’t
asleep at the switch in the Information Age. We’ve got
examples out of the past: In 1984, there wasn’t a single IBM
board member who had a PC. Today, you can’t be running an
organization without understanding IT.


This  is  the  latest  in  a  series  of  monthly  discus¬ 
sions  with  Harvard  Business  Review  authors 
on  topics  of  interest  to  IT  managers. 


WHO  ARE  YOU? 

F. Warren McFarlan’s strategic impact grid helps companies
understand how much they depend on their IT systems for
strategic impact and speed/reliability.

■ Systems are mostly invisible to customers and suppliers.
■ 80% of value transactions can quickly revert to manual.
■ Most systems work is maintenance.

■ IT is more than 50% of capital spending.
■ IT is more than 15% of total corporate expenses.

STRATEGIC IMPACT

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Shearan  Picked  for 
IT  Helm  at  Mellon 

Mellon  Financial  Corp.  in  Pitts¬ 
burgh  announced  that  KEVIN  L. 
SHEARAN  has  been  promoted  to 
CIO.  Shearan  joined  Mellon  in 
1997  as  head  of  a  new  software 
engineering  group  and  was  pro¬ 
moted  to  executive  vice  president 
in  January  2004.  Shearan  previ¬ 
ously  served  as  director  of  tech¬ 
nology  at  the  Worldwide  Securi¬ 
ties  Services  division  of  Citicorp. 


McGarry  to  Head  IT 
At  St.  Jude  Medical 

St. Jude Medical Inc., a manufacturer of medical devices in
St. Paul, Minn., said WILLIAM J. McGARRY is joining the
company as vice president of IT and CIO.

Since  2001,  McGarry  has  served 
as  vice  president  of  enterprise 
applications  at  Medtronic  Inc. 
Previously,  he  held  executive  IT 
positions  at  General  Electric  Co., 
Owens  Corning,  Honeywell  Inc. 
and  The  Pillsbury  Co. 


Agriculture  Dept. 
Names  Combs  CIO 

Agriculture  Secretary  Mike  Jo¬ 
hanns  said  DAVE  COMBS  will 
serve  as  CIO  for  the  U.S.  Depart¬ 
ment  of  Agriculture.  Combs  previ¬ 
ously  served  as  acting  CIO  and 
acting  deputy  CIO.  He  came  to 
the  office  of  the  CIO  in  2003  after 
serving  as  special  assistant  to  the 
administrator  of  the  Rural  Utilities 
Service.  Before  that,  he  founded 
and  owned  Combs  Music,  an  in¬ 
dependent  record  company  in 
Winston-Salem,  N.C. 


CIO  Gluscic  to  Take 
On  Supply  Chain 

Phelps  Dodge  Corp.  in  Phoenix 
said  GERALD  GLUSCIC  will  be¬ 
come  vice  president  of  global 
supply  chain  management  and  in¬ 
formation  services.  Gluscic  joined 
the  producer  of  copper  and  other 
metals  as  vice  president  and  CIO 
in  2001.  He  will  continue  to  over¬ 
see  IT  and  network  systems. 


BARBARA  GOMOLSKI 


The Shoemaker’s
Children and IT


Run IT like a business. I’m sure you’ve heard that edict a
lot lately from vendors, consultants and fellow IT managers.
It seems like a no-brainer. Of course it makes sense to run
the IT function like a business. Many large organizations
spend $50 million to $100 million on IT annually — that’s a
decent-size business. Yet, there’s ample evidence that we IT
types have been so preoccupied with technical issues that we
have neglected the business issues of IT. Not surprising,
really. If we were that interested in business, we would
have become CPAs or CEOs, right?

Still,  one  of  the  reasons  IT 
organizations  fail  to  estab¬ 
lish  credibility  is  that  they 
lack  good  information  about 
the  business  of  IT  —  the 
kind  of  information  IT 
systems  help  to  provide 
for  other  business  units. 

Without  solid  and  accurate 
sources  of  data  about  IT  sys¬ 
tems,  people  and  processes,  it’s  impossi¬ 
ble  for  a  CIO  to  have  a  meaningful  con¬ 
versation  about  the  business  of  IT. 

Granted,  automation  is  no  guarantee 
of  process  improvement.  We  need  only 
look  at  ERP  to  prove  that.  Still,  it  seems 
inevitable  that  IT  organizations  are  des¬ 
tined  to  take  a  healthy  dose  of  their  own 
medicine. 

The  Wrong  Information 

Most  CIOs  have  ample  information 
about  the  operational  systems  of  their  IT 
departments  —  for  example,  the  number 
of  help  desk  calls  answered  or  the  num¬ 
ber  of  gigabytes  of  storage  added  last 
month.  The  problem  is  that  most  of 
these  statistics  are  way  below  the  radar 
of  C-level  executives. 

At the same time, the kind of information about IT that top
executives are seeking is simply not available. For example,
a chief financial officer may wish to determine how much the
company spends with a particular IT vendor. Or the risk
officer may need a complete Sarbanes-Oxley status report on
all IT systems. This kind of information is often essential
for important business decisions. Increasingly, CIOs who
can’t provide this level of information to other parts of
the organization will be seen as roadblocks to business
success.

All  of  this  leads  me  to  a  question:  Can 
we  ever  manage  IT  as  a  business  if  we 
refuse  to  automate  and  optimize  IT  man¬ 
agement  processes  with  software  tools? 

I  don’t  believe  we  can.  In  fact,  I  would 
argue  that  we  will  never  “arrive”  as  IT 
managers  until  we  have  the  same  oppor¬ 
tunities  for  automation  and  data  man¬ 
agement  as  the  other  functional  heads 
within  the  business  have  had.  For  exam¬ 
ple,  the  accountants  would  be  lost  with¬ 
out  their  financial  tools  and  reports; 
the  same  goes  for  human  resources  and 
even  sales. 

Certainly, IT has some software tools at its disposal today.
Most large organizations have made significant investments
in tools for systems and network management, asset
management and configuration management, just to name a few.
But the bulk of these tools provide technical information
that’s more interesting to the people within IT than to
executives of the corporation. We’ve really only scratched
the surface in terms of how we can use technology to make
our own jobs as IT managers easier.

Evolving  Tools 

The  IT  management  tool  landscape  is 
only  beginning  to  take  shape,  and  there 
are  lots  of  companies  approaching  from 
various  starting  points.  Ultimately,  this 
niche  will  include  everything  from  start¬ 
ups  to  industry  stalwarts  such  as  Micro¬ 
soft,  which  has  begun  to  promote  its 
Project  Server  and  .Net  platform  as  a 
mechanism  for  tying  together  a  spec¬ 
trum  of  tools  for  application  portfolio 
management. 

Right  now,  many  vendors  are  trying  to 
evolve  their  current  tools  with  new  ca¬ 
pabilities  aimed  at  helping  IT  managers 
take  a  more  business-oriented  approach. 
For  instance,  companies  like  Adaptive 
Networks,  Evident  Software,  Klir  Tech¬ 
nologies  and  Relicore  offer  tools  to  track 
IT  asset  usage  and  costs.  In  some  cases, 
these  tools  can  also  be  used  to  track  the 
cost  and  utilization  of  applications. 

Just about every vendor that offers project and portfolio
management software is aiming at the IT management tool
space, hoping to extend the capabilities of existing
packages to encompass additional technology management
processes.

Other  vendors  are  building  suites 
from  the  ground  up  to  help  IT  managers 
run  their  businesses.  ITM  Software  and 
Enamics  both  have  modular  suites  that 
are  aimed  at  processes  such  as  IT  finan¬ 
cial  management  and  governance. 

Although  IT  management  software  is 
a  nascent  market,  it’s  one  that  IT  leaders 
should  watch  carefully.  The  offerings 
in  this  market  will  present  them  with 
substantial  challenges  and  opportunities. 

BARBARA GOMOLSKI, a former Computerworld reporter, is a vice
president at Gartner Inc., where she focuses on IT financial
management. Contact her at barbgomolski@yahoo.com.


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Virtual  Unity 

Alberto  Cruz  Natal,  technical  manager  at 
Hunterdon  Medical  Center,  moved  the 
community  hospital  to  a  centralized  storage 
architecture  via  a  SAN  and  a  high-end  Shark 
array.  This  storage  virtualization  setup  helps 
smooth  out  capacity  crunches.  PAGE  52 


Watchful  Eye 

Storage  resource  management 
tools  offer  a  single  window 
into  the  storage  network, 
allowing  users  to  measure  the 
performance  of  any  piece  of 
equipment.  PAGE  58 
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Storing  Stuff 

Forget  trying  to  get  control  over 
all  the  mobile  data  storage  devices 
inside  your  company.  What  you  need 
to  do  is  get  control  of  the  data,  says 
columnist  Mark  Hall.  PAGE  64 


EDITOR’S  NOTE 


When  you  hear  IT  managers 
complain  about  storage 
problems  —  whether  they 
involve  maintenance, 
adding  disk  drives,  provi¬ 
sioning,  load  balancing  or  backup  —  their 
beefs  all  fall  into  one  broad  category: 
storage  complexity.  “I  define  storage 
complexity  as  the  chaos  of  owning  and 
operating  thousands  of  storage  ele¬ 
ments,”  says  Michael  Peterson,  president 
and  senior  analyst  at  Strategic  Research 
Corp.  in  Santa  Barbara,  Calif. 

So  what  can  we  do  about  that  chaos? 
Various  technologies  have  emerged  that 
are  supposed  to  help,  such  as  storage  re¬ 
source  management  (SRM),  storage  vir¬ 
tualization,  object-based  storage  and  data 
classification  tools.  In  an  unscientific  au¬ 
dience  poll  at  April’s  Storage 
Networking  World,  the  vast 
majority  of  IT  managers  in 
attendance  said  they  have 
some  sort  of  simplification 
strategy,  including  SRM, 
automated  processes  and 
virtualization.  Only  15%  of  the  attendees 
said  storage  complexity  isn’t  a  problem 
in  their  organizations. 

Our  special  report  explains  how  sever¬ 
al  of  these  technologies  can  help  you  bat¬ 
tle  the  complexity  monster.  But,  as  usual, 
getting  to  that  nirvana  of  simplicity  isn’t 
going  to  be  easy.  One  technology  is  ma¬ 
ture  but  lacks  interoperability.  Another 
one  is  immature  and  lacks  standards.  A 
third  one  is  costly  and  could  cause  per¬ 
formance  bottlenecks. 

I  don’t  mean  to  be  a  pessimist,  but  trav¬ 
eling  the  road  to  Simplification  will  take 
a  very  long  time  if  we  continue  to  take 
two  steps  forward  and  one  step  back. 
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ing  on  business  needs,  without  disrupting  the  operat¬ 
ing  environment. 

“The  single  most  important  attribute  of  any  stor¬ 
age  virtualization  solution  is  the  ability  to  mask  com¬ 
plexity  and  thereby  make  manageable  that  which  is 
increasingly  unmanageable,”  Webster  says. 

Simplify,  Please 

There’s  nothing  simple,  however,  about  understand¬ 
ing  all  the  different  forms  of  virtualization  on  the 
market  today  and  deciding  which  one  is  right  for 
you.  In  Hunterdon  Medical  Center’s  case,  the  deci¬ 
sion  wasn’t  too  difficult  —  its  value-added  reseller 
proposed  that  it  move  to  a  centralized  storage  archi¬ 
tecture  via  a  storage-area  network  (SAN).  Because 
the  reseller  recommended  moving  the  HIS  system 
to  an  IBM  RS/6000  (one  at  the  hospital  and  one  in 
the  disaster  recovery  site),  it  also  made  sense  to  use 
IBM  storage  in  the  form  of  a  high-end  Shark  array 
(one  at  the  hospital  and  one  off-site).  IBM  and  Data- 
Core  Software  Corp.  in  Fort  Lauderdale,  Fla.,  had  an 
agreement  to  use  SANsymphony  software  to  virtual¬ 
ize  the  Shark  array,  so  that  was  added  to  the  environ¬ 
ment  as  well. 

When  this  project  was  under  way  in  2003,  storage 
heavy  hitters  IBM,  Hitachi  Data  Systems  Corp.  and 
EMC  Corp.  weren’t  touting  storage  virtualization 
products.  But  now  that  they  are  —  or,  in  EMC’s  case, 
are  close  to  it  —  there  are  so  many  approaches  to  vir¬ 
tualization  that  it’s  difficult  to  decide  what’s  best  for 
your  environment  (see  chart,  page  54). 

For  instance,  some  vendors  place  virtualization  ca¬ 
pabilities  on  the  storage-array  controller  itself  (often 
referred  to  as  array-based  virtualization),  meaning 
that  you  purchase  both  the  storage  and  the  virtual¬ 
ization  capability  together.  Others  place  it  on  a  serv¬ 
er  (often  called  appliance-based  virtualization)  that 
sits  between  the  application  server  and  the  storage. 
Still  others  choose  to  put  it  on  an  intelligent  switch 
(called  network-based  virtualization)  that  either 
takes  an  “in-band”  approach,  where  the  virtualization 
commands  travel  the  same  path  as  the  data  between 
the  application  server  and  the  storage  array,  or  an 
“out-of-band”  approach,  where  the  commands  and 
the  data  take  separate  paths. 

Even  individual  vendors  offer  a  variety  of  ap¬ 
proaches.  For  example,  IBM’s  SAN  Volume  Con¬ 
troller  (SVC)  is  an  appliance-based  system  that’s  also 
available  in  a  switch-based  configuration.  Mean¬ 
while,  its  DS8000  is  array-based,  along  the  lines  of 
Hitachi’s  Universal  Storage  Platform.  EMC’s  forth¬ 
coming  Invista  is  an  out-of-band  network-based 

Continued  on  page  54 


of  hardware.  The  hospital  had  also  just  built  a  disas¬ 
ter  recovery  hot  site  15  miles  away,  but  it  hadn’t  yet 
formalized  a  strategy  to  vault  its  data  to  that  off-site 
location. 

Ineffective  capacity  utilization,  growing  data  vol¬ 
umes,  labor-intensive  storage  management,  a  need 
for  better  disaster  recovery  —  this  classic  scenario 
is  driving  many  users  today  to  explore  the  world  of 
storage  virtualization.  According  to  John  Webster, 
founder  of  Data  Mobility  Group  LLC  in  Nashua, 

N.H.,  data  is  growing  at  60%  to  80%  or  more  per  year 
for  many  companies,  and  storage  administrators  are 
spending  20%  to  30%  of  their  time  on  volume  man¬ 
agement  tasks.  It’s  clear  that  businesses  need  ways  to 
simplify  the  job  of  managing  all  this  data,  and  storage 
virtualization  claims  to  help. 

It  does  this  by  making  physically  separate  and  even 
heterogeneous  storage  arrays  appear  to  be  a  single 
logical  pool  of  storage  resources,  manageable  from  a 
central  console.  The  goal  is  for  data  to  freely  flow 
among  the  various  tiers  and  types  of  storage,  depend- 


HREE  YEARS  AGO,  Hunterdon  Medical 
Center  in  Flemington,  N.J.,  could  claim  one 
server  for  every  two  beds  in  its  176-bed 
facility.  But  for  Alberto  Cruz  Natal,  techni¬ 
cal  manager  at  the  community  hospital, 
that  was  nothing  to  be  proud  of. 

“Our  data  center  was  overflowing  with  servers,” 
says  Cruz  Natal.  Worse,  each  of  those  servers  had  its 
own  direct-attached  SCSI  storage  device.  When  a 
server  ran  out  of  disk  space,  IT  either  had  to  buy  an¬ 
other  server  or  manually  extend  the  server’s  storage 
partitions,  a  time-consuming  and  disruptive  job. 
Meanwhile,  some  servers  had  excess  capacity. 

Reconfiguring  storage  devices  wasn’t  exactly  a 
chore  that  the  IT  group  could  afford  to  spend  so 
much  time  on.  The  hospital  was  preparing  to  go  live 
with  a  new  clinical  charting  system,  which  precipi¬ 
tated  a  need  to  migrate  the  QuadraMed  Corp.  Affini¬ 
ty  hospital  information  system  (HIS)  from  its  current 
platform  —  a  5-year-old  Unix  box  from  the  former 
Digital  Equipment  Corp.  —  to  a  more  powerful  piece 


Simply  Put 


makes  heterogeneous  stor¬ 
age  arrays  appear  as  a  single  logical  pool  of  resources  that 
can  be  managed  from  a  single  console,  easing  administra¬ 
tive  tasks  such  as  backup,  archiving  and  recovery.  How¬ 
ever,  some  question  the  cost  and  potential  for  performance 
bottlenecks  in  some  implementations,  and  nearly  every¬ 
one  agrees  that  vendors  need  to  get  better  at  integrating 

product, which is the newest — and some say most
promising — type of storage virtualization.

Although  IBM’s  SVC  currently  leads  the  market 
with  1,200  installations,  “the  market  is  still  very 
much  in  a  state  of  flux,”  Webster  says. 

Up  in  the  Air 

No  wonder  most  customers  are  still  in  evaluation 
mode  with  the  technology.  According  to  Tony  Asaro, 
senior  analyst  at  Enterprise  Strategies  Group  Inc.  in 
Milford,  Mass.,  Hunterdon  Medical  Center  is  one  of 
only  3,000  companies  globally  that  have  implement¬ 
ed  storage  virtualization  today. 

But  Cruz  Natal  is  pretty  happy  that  he  did.  At  first, 
he  says,  DataCore  was  “just  another  part  of  the  sys¬ 
tem.”  Very  quickly,  however,  it  opened  up  a  whole 
new  world  of  possibilities.  The  most  important,  he 
says,  is  the  ability  to  put  any  type  of  storage  behind 
the  DataCore  virtualizer,  including  lower-end  sys¬ 
tems  based  on  JBOD,  FAStT  and  Serial  ATA.  This 
eliminated  the  need  to  keep  non-mission-critical  or 
less-accessed  data  on  the  high-end  Shark  system  or 
manually  move  it  to  less  expensive  disk  systems. 

“We  now  have  the  flexibility  to  buy  different  types 
of  storage  for  different  types  of  systems  and  manage 
it  centrally  through  DataCore,”  he  says. 

Second,  administration  and  maintenance  are  much 
less  costly,  Cruz  Natal  says.  With  a  few  clicks,  admin¬ 
istrators  can  create  storage  partitions  up  to  2TB  for 
application  servers.  SANsymphony  monitors  the  serv¬ 
er’s  actual  storage  usage,  enabling  administrators  to 
assign  more  storage  to  that  disk  pool  on  an  as-needed 
basis.  “We  don’t  have  to  extend  the  partition  or  create 
a  new  one,”  he  says.  “We  can  just  buy  additional  disk 
at  a  later  point  in  time  and  assign  it  to  the  same  pool.” 

And  with  a  third  DataCore  server  and  a  redundant 
RS/6000  server  off-site,  the  hospital  can  also  mirror 
data  to  the  disaster  recovery  site,  limiting  downtime 
to  a  maximum  of  two  hours. 

Some observers say technologies such as DataCore’s cause performance
bottlenecks because of their location on the network. Bernard Shen, an
independent contractor who specializes in storage architectures and server
consolidation, argues that, given the cost of virtualization products and
their performance hit, it can be just as effective in midsize environments
to add more disk to the array rather than virtualize disparate arrays.

“In environments with medium to lower high-end capacities, I have not seen
a true need to put a virtualization layer in place yet because of the cost
and performance issues associated with it,” Shen says. Costs include the
price of the device, training people to use it and licensing fees. “If you
have two SANs with 1TB each, you need to pay a license fee for 2TB,” he says.

Shen  also  argues  that  adding  a  virtualization  device 
adds  a  layer  of  complexity.  “Vendors  sell  it  as  a  single 
point  of  management,  but  that  doesn’t  mean  it’s  trans¬ 
parent  to  managers,”  he  says.  For  instance,  in  environ¬ 
ments  where  even  the  logical  partitions  are  managed 
by  the  volume  controller,  you  may  not  always  know 
which  disks  are  working  with  which  servers.  “You’d 
know  a  RAID  set  has  failed,  but  you  don’t  know  which 
application  is  using  that  RAID  without  looking  into 
it,”  Shen  says.  While  Shen  anticipates  improvements 
in  the  technology  nine  to  12  months  out,  right  now,  he 
says,  “I’m  not  sure  that  storage  virtualization  is  neces¬ 
sarily  universal  for  everybody.” 

Cruz  Natal  says  the  hospital  doesn’t  experience 
performance  slowdowns  because  it  doesn’t  have  a 
high  volume  of  transactional  data.  “Bottom  line,”  he 
continues,  “it  doesn’t  lock  me  into  what  kind  of  stor¬ 
age  I  use,  which  helps  us  keep  costs  in  line,  and  it  re¬ 
solves  the  issue  of  training  staff  to  manage  the  sys¬ 
tem  manually,  which  lowers  maintenance  costs.” 

At  the  same  time,  Cruz  Natal  says  he’d  like  man¬ 
agement  tools  that  give  him  dashboardlike  visibility 
into  things  such  as  the  status  of  partitioning  volumes 
or  the  disk  pool  when  slowdowns  occur.  “Better  inte¬ 
gration  of  all  the  tools  becomes  more  critical  be¬ 
cause  we  have  so  many  systems,”  he  says. 

Getting trained staff to deal with this new architecture is crucial, he
says. You need at least three people: one who’s familiar with how the
application servers interact with the SAN, one who understands the SAN
fabric itself and an administrator who knows how to create new partitions,
move volumes around and troubleshoot the virtualization server.

How to Choose

Array-based,  network-based,  appliance-based  —  the 
fact  is,  there’s  no  “best”  choice  for  virtualizing.  It  all 
depends  on  what  you’re  looking  for.  “You  have  to 
look  at  what  kinds  of  operations  that  the  virtualiza¬ 
tion  device,  wherever  it  is,  can  offer  you  as  a  user 
and  which  are  most  important  to  you,”  Webster  says. 

The  question  is,  what’s  your  pain  point?  “Some 
people  want  to  slow  down  their  hardware  spending, 
and  others  want  to  decrease  their  administration  bud¬ 
get,”  Asaro  says.  Some  might  want  to  rearchitect  their 
entire storage infrastructure, while others want to implement tiered
storage in piecemeal fashion, he says.


Virtualizing Virginia


THE CITY OF RICHMOND is another satisfied virtualization user. Earlier this
year, it faced problems similar to those at Hunterdon Medical Center. As its
server farm population grew to 120 servers, certain disks would fill up
while others had plenty of free storage. “But we couldn’t share the two and
migrate the tools together,” says Lyle Gleason, systems architect for the
city.

Servers included a mix of Intel, IBM AIX, HP-UX and Sun devices and an IBM
z/OS mainframe. Storage was a mix of onboard hard disk and two Clariion
systems from EMC. As a result, adding storage was also manually intensive.
“The different servers had different device drivers, so when we added
storage, we also had to make sure the drivers worked correctly,” Gleason
says.

The city brought in Hitachi, EMC and IBM, eventually selecting IBM’s SAN
Volume Controller because it put virtualization outside of the array. The
SVC device virtualizes a mix of systems, including the EMC Clariions, an IBM
ESS800 Shark and one IBM DS4300, formerly of the FAStT line of arrays. “We
can now provide the proper class of storage for the proper application,”
Gleason says.

In addition, storage provisioning happens in minutes, according to Gleason,
and servers interact with just one generic device driver. And rather than
seven network engineers sharing responsibility for storage tasks, now one
systems engineer handles it all, says Steve Forstner, director of IT for the
city. The city is also experimenting with SVC’s snapshot capabilities for
backup purposes.

So far, Forstner and Gleason see no additional complexities as a result of
implementing SVC. They also say SVC’s system tools clearly map out which
disks are mapped to which servers.

- Mary Brandel


Despite  general  agreement  that  virtualization 
adoption  will  take  off  in  the  next  year  and  a  half, 
everyone  agrees  that  the  vendors  have  to  get  better 
at  integrating  heterogeneous  systems  and  simplifying 
deployment.  Brad  O’Neill,  an  analyst  and  consultant 
at  Taneja  Group  Inc.  in  Hopkinton,  Mass.,  compares 
it  to  the  server  virtualization  world.  “VMware  has  an 
easy-to-deploy  solution  with  a  lot  of  flexibility,”  he 
says. “It has to get to that level.”


Brandel is a Computerworld contributing writer in Newton, Mass. Contact her
at marybrandel@verizon.net.


Virtualization Type / Perceived Benefits / Trade-offs


Host-based

  Perceived benefits:
  ■ Relatively low cost.
  ■ Supports heterogeneous storage resources.

  Trade-offs:
  ■ Operating-system-dependent.
  ■ Performance dependent on host processing resources.

Appliance-based (also called fabric-based)

  Perceived benefits:
  ■ Supports heterogeneous storage resources and application servers.
  ■ Future versions will be based on the ANSI’s Fabric Application Interface
    Standard (FAIS).

  Trade-offs:
  ■ Some implementations lack scalability and reliability for critical systems.
  ■ FAIS still under development.
  ■ Potentially adds I/O latency and opportunity for security breaches.
  ■ Could introduce another layer of management complexity.

Array-based

  Perceived benefits:
  ■ Can be optimized to underlying disk resources.
  ■ Supports heterogeneous hosts but homogeneous storage resources.

  Trade-offs:
  ■ Proprietary implementation of virtualization.

Network-based (also called out-of-band switch-based or external
full-function storage controller)

  Perceived benefits:
  ■ Supports heterogeneous storage resources and application servers.
  ■ Reduces complexity of switching infrastructure.

  Trade-offs:
  ■ Potential for proprietary implementation of virtualization.

NAS gateway

  Perceived benefits:
  ■ Allows IP network to participate in storage virtualization.

  Trade-offs:
  ■ Support for back-end storage varies and is highly vendor-dependent.

Decluttered Data


Object-based storage brings order to dissimilar files.

By  Jennifer  Jones 


www.enricovarrasso.com


SERVING AS A sort of boot camp for scattered data, object-based storage
techniques thrive in organizations that need heavy doses of discipline both
to appease hovering regulators and strengthen internal data retention and
retrieval methods.

Here’s  how  it  works:  Object-based  archiving  tech¬ 
nology  corrals  disparate  data  files  —  documents,  im¬ 
ages,  video  clips  or  audio  files  —  into  content  “ob¬ 
jects”  tagged  with  metadata  to  make  the  information 
searchable  regardless  of  location.  Also  called  con¬ 
tent-aware  or  content-addressable  storage,  the  tech¬ 
nology  is  still  in  its  infancy  but  is  often  hailed  as  a 
fast  and  easy  way  to  pool  and  manage  large  data  sets. 

Right  now,  object-based  archiving  is  most  popular 
in  heavily  regulated  sectors.  Particularly  drawn  to 
the  technology  are  health  care  and  financial  services 
organizations  grappling  with  complex  statutes  such 
as  the  Sarbanes-Oxley  Act’s  financial  and  accounting 
disclosure  rules  or  the  Health  Insurance  Portability 
and  Accountability  Act. 

But the appeal of object-based storage is reaching beyond compliance.
“Rapid adoption of this technology is likely among those corporations
concerned with regulatory issues or those seeking self-imposed discipline,”
says Galen Schreck, an analyst at Forrester Research Inc.

“This technology simplifies the application of policies, especially those
governing the retention of data,” he says. Schreck characterizes
object-based storage as a promising alternative to “dumb” storage —
network-attached storage technology, for instance — although the technology
still lacks standards (see story below).

Indeed,  the  simplicity  of  technol¬ 
ogy  is  key,  agrees  Michael  Peterson, 
president  of  Santa  Barbara,  Calif.- 
based  Strategic  Research  Corp. 

“Complexity  is  the  No.  1  problem  of 
enterprise  storage  efforts,”  he  notes.  “Fortune  1,000 
companies  can  easily  have  300  remote  sites  per  com¬ 
pany,  and  they  have  to  start  consolidating.” 

Management  Benefit 

Providers are hustling to convince corporate buyers of object-based storage
technology’s added value and ability to reduce complexity. “Compliance and
legal discovery was a factor in selecting an object-based solution, but we
found that it enhanced our ability to effectively manage storage,” says Tom
La Voie, Wintel support manager at Pacific Life Insurance Co. in Newport
Beach, Calif., which uses EMC Corp.’s Centera Compliance Edition Plus.

The  New  York  Botanical  Garden  (NYBG)  is  anoth¬ 
er  example  of  a  company  looking  beyond  regulatory 
issues.  The  Bronx-based  nonprofit  certainly  needs 
to  comply  with  Sarbanes-Oxley  provisions.  But  IT 
executives  at  the  NYBG  eyed  object-based  technol¬ 
ogy  to  improve  the  storage  of  digital  assets  tied  to  its 
collection  of  7  million  dried  plant  specimens. 

“Some  of  these  specimens  date  to  Lewis  and  Clark,” 
says  Josh  Freeman,  NYBG’s  IT  director.  To  avoid 
shipping  fragile  specimens  to  botanical  researchers, 
NYBG  has  built  a  vast  digital  library  using  the  Elec¬ 
tronic  Museum  (EMu)  system  from  KE  Software  in 
Vancouver,  British  Columbia.  But  NYBG  officials 
hedged  on  using  EMu’s  internal  storage  capabilities. 
“KE  is  great  software  and  a  great  database,  but  every¬ 
thing  it  stores,  it  stores  according  to  its  own  process 
inside  the  application,”  notes  Freeman. 

Ultimately,  NYBG  settled  on  Archivas  Inc.’s 
Archivas  Cluster,  which  pulls  together  data  stored 
throughout  NYBG’s  architecture  —  for  instance,  on 
FireWire  hard  drives,  in  PDF  files  or  on  DVDs.  “We 
now  have  one  large  pool.  That  has  made  life  easier 
because  we  have  fewer  bins  that  we  are  dropping 
data  in,”  Freeman  says. 

Good Samaritan Community Health Care in Puyallup, Wash., also decided not to
commit to the storage options found in a single application. The facility
recently adopted a picture archive and communications system to generate and
manage large image and video files. “But we decided to design storage
services separately,” says Eric Lowe, Good Samaritan’s technology and
operations manager.


Simply Put


draws together disparate data files into content “objects.” Tagged with
metadata, the data is searchable regardless of its location. But for now,
the storage industry lacks standards for the technology.


Using Permabit Inc.’s Permeon Compliance Store package, Good Samaritan was
able to meet its need for massive storage capacity — a chest scan alone
consumes 5MB to 10MB — and address the complex formulas the entire health
care industry must employ for data retention. “For example, a chest CT scan
must be kept for a minimum of 10 years, but in all pediatric cases, the
files must be kept three years past the point at which the patient turns
21,” Lowe explains.

For  Lowe  and  others  struggling 
with  such  data-retention  mandates, 
object-based  storage  can  make  life 
easier,  says  Forrester’s  Schreck. 
“The  technology  simplifies  the  ap¬ 
plication  of  policies,”  he  says.  Plus, 
these  systems  impose  hardware- 
level  enforcement  of  the  policies, 
Schreck  adds. 

Enforcement  is  critical,  especial¬ 
ly  in  sectors  such  as  financial  ser¬ 
vices.  “For  e-mails  and  other  documents  to  be  admis¬ 
sible  in  court,  you  must  be  able  to  prove  that  items 
have  not  been  tampered  with,”  says  Richard  Hall, 
group  IT  manager  at  Coda  Financials  Inc.,  a  provider 
of  accounting  and  procurement  systems  in  Manches¬ 
ter,  N.H.  Coda  uses  Hewlett-Packard  Co.’s  Reference 
Information  Storage  System. 

Whether  it’s  to  make  a  case  in  court  or  simply  to 
shore  up  existing  storage  methods,  object-based 
technology may well be worth a look.

Jones  is  a  freelance  writer  in  Vienna,  Va.  Contact 
her  at  jjwriterva@aol.com. 


Race  for  Standards 


ALTHOUGH OBJECT-BASED STORAGE makes it possible to span a variety of
repositories and better appease regulators, the fledgling technology lacks
standards and might pose some risk to early adopters.

“If there is a downside at all to this technology, it is centered on the way
in which the objects are stored,” claims Galen Schreck, an analyst at
Forrester Research. “We are in advance of any standards.”

However, the Storage Networking Industry Association and others are working
to establish common ground on object-based storage technologies. “We are now
defining this new methodology and developing standards,” says Michael
Peterson, SNIA’s founder and president of Strategic Research Corp.

With  standards  on  the  way  and  the  added  bene¬ 
fits  that  object-based  storage  provides  over  more 
common  network-attached  storage,  the  risk  is  small 
and  arguably  worthwhile,  Schreck  says. 

-Jennifer  Jones 


58  COMPUTERWORLD  October  17, 2005 


KNOWLEDGE  CENTER  STORAGE 


www.computerworld.com 


Simply  Put 

helps  keep  an  eye  on  storage 
capacity  and  reduces  the  management 
load  by  bringing  several  storage  man¬ 
agement  functions  into  a  single  inter¬ 
face.  Complex  and  costly  when  first  in¬ 
troduced  to  the  market,  SRM  is  now 
simple  to  use.  Its  main  challenge  is  a 
lack  of  smooth  interoperability  among 
hardware  and  software  products. 


Storage  is  getting  very 
cheap.  Even  a  home  user 
can  get  a  1TB  LaCie  external 
desktop  drive  for  less  than 
$1,000.  The  bad  news  is 
that  because  storage  prices  have  fall¬ 
en  so  sharply,  capacity  is  growing 
60%  to  100%  annually,  so  the  amount 
of  capacity  each  storage  administra¬ 
tor  needs  to  manage  is  going  through 
the  roof.  The  complexity  of  storage 


architectures  is  also  increasing. 

George  Rodriguez,  lead  systems 
programmer  at  ABC  Distributing  LLC 
in  North  Miami,  Fla.,  oversees  the 
catalog  and  online  retailer’s  IBM  En¬ 
terprise  Storage  Server  2105  Model 
F20  storage  array,  which  services  a 
z800  mainframe  as  well  as  Unix 
servers  running  Oracle  Financials. 
“The amount of storage available to the system is 4.3TB,” he says. “Without
an automation tool, managing this amount of storage would be an impossible
task.”

Lacking  tools  to  gain  visibility  into 
and  control  over  storage,  the  compa¬ 
ny  was  running  out  of  space,  and  that 
was  causing  delays  in  batch  proc¬ 
essing.  A  year  ago,  Rodriguez  in¬ 
stalled  BrightStor  CA-Vantage,  a  stor¬ 
age  resource  management  (SRM)  tool 
from  Computer  Associates  Interna¬ 
tional  Inc.,  to  provide  a  common  in¬ 
terface  for  both  the  z800  and  Unix 



Storage  resource 
management  offers 
a  single  window  into 
the  storage  network. 

By  Drew  Robb 
storage. On the z800 side, he uses the software to manage the storage groups
defined in the system using the Web publishing scripts that come with
CA-Vantage. He also uses it to extract data generated by CA’s BrightStor
ARCserve backup utility to produce reports validating the backup results.
Rodriguez says he set up the CA-Vantage graphical user interface on his own
in less than a day, without any special training on the product.

“Setting  up  my  own  views  took  a  lit¬ 
tle  longer  but  was  well  worth  the  ef¬ 
fort,”  he  says.  “Once  you  start  using 
the  facilities  of  the  product,  you  can 
set  up  the  same  look  and  feel  on  both 
the  mainframe  and  open-systems 
sides.” 

Simpler  Storage 

SRM  can  improve  the  efficiency  of 
storage  use  and  reduce  the  manage¬ 
ment  load  by  bringing  a  number  of 
functions  into  a  single  interface.  Some 
SRM  tools  are  stand-alone  products, 
but  SRM  features  are  also  found  in 
some  management  applications.  Func¬ 
tions  vary  by  product,  but  they  can 
include  data  collection,  backup  and 
recovery,  user  authentication,  provi¬ 
sioning  and  performance  monitoring. 

“SRM  is  very  useful  as  a  capacity 
management  tool,  since  it  is  the  only 
tool  that  can  do  discovery  of  data  char¬ 
acteristics  for  information  life-cycle 
management,  capacity  management  or, 
in  some  cases,  change  management,” 
says  Michael  Peterson,  president  of 
Strategic  Research  Corp.  in  Santa  Bar¬ 
bara,  Calif.  “By  themselves,  they  don’t 
reduce  complexity,  but  they  do  offer  a 
view  into  an  area  that  is  hard  to  get 
your  hands  around,  especially  for  un¬ 
structured  data.” 

In  fact,  while  SRM  tools  are  de¬ 
signed  to  help  reduce  complexity,  the 
complexity  of  the  tools  themselves 
hampered  early  adoption. 

“In  the  past,  SRM  was  trying  to  bite 
off  too  big  a  chunk  for  most  to  swal¬ 
low,”  says  Steve  Duplessie,  an  analyst 
at  Enterprise  Strategy  Group  Inc.  in 
Milford,  Mass.  “It  was  too  expensive 
and  did  so  many  things  that  no  one 
could  really  use  it.” 

That’s  no  longer  the  case.  According 
to  figures  issued  by  market  research 
company  IDC  last  month,  the  world¬ 
wide  storage  software  market  has  ex¬ 
perienced  double-digit  growth,  hitting 
$2.1  billion  in  the  second  quarter  of  this 
year,  an  11.8%  increase  over  the  previ¬ 
ous  year.  SRM  sales  represented  about 
one-third of that overall figure. Part of the growth is a result of SRM
following the path taken earlier by ERP and framework packages: Products are
being broken down into smaller modules.


THE MAIN PROBLEM with managing storage resources is a lack of smooth
interoperability among various hardware and software products. To address
this issue, the Storage Networking Industry Association (SNIA) has created
the Storage Management Initiative Specification (SMI-S), which defines
standards for the storage data path (applications, file systems, volume
managers, operating systems, host bus adapters, SAN switches and fabrics,
and storage devices) and the storage management path.

“Because of a lack of data-path interoperability, a simple patch upgrade on
an OS - say, for security - can unravel the stability of the data path,”
says Wayne N. Adams, chairman of the SNIA board of directors.

“Lack of management path interoperability results in the need to have
several SRM tools to manage portions of the storage configuration, which
raises the cost of operations for training, tools and tool maintenance and
requires a high skill set to oversee the environment,” says Adams.

The initial objective for SMI-S was to provide a common interface for
storage devices to address management path interoperability. SMI-S Version
1.03 addresses storage resource managers, storage arrays and SAN switches.
Vendors have incorporated that version into more than 200 products to date.
Version 1.1, released in September, adds support for tape libraries, NAS and
iSCSI and adds data movement in the form of copy services for snapshots and
mirrors.

“I’ve been able to create a custom report of the ARCserve backup showing
detailed information, including the [tape volume serial number] - the system
used to place the data on tape,” says Adams.

-Drew Robb


“Forty-five  percent  of  larger  enter¬ 
prises  have  already  adopted  some 
SRM  somewhere  in  their  world,  and 
20%  more  will  do  so  this  year,”  says 
Duplessie.  “SRM  will  take  off  now  that 
it  is  cheaper  and  simpler  and  geared  to 
where  the  midmarket  can  afford  and 
implement  it.” 

Retention  Policies 

Chris  Meredith,  manager  of  technical 
services  at  Lincare  Holdings  Inc.,  a 
$1  billion  company  in  Clearwater,  Fla., 
that  provides  oxygen  and  respiratory 
services  for  in-home  patients  nation¬ 
wide,  says  he,  too,  found  it  easy  to  set 
up  an  SRM  tool.  It  took  Meredith  three 
to  four  hours  to  install  the  Northern 
Storage  Suite  from  Northern  Parklife 
AB  in  Stockholm.  He  uses  it  to  manage 
4.5TB  of  storage  at  Lincare’s  headquar¬ 
ters  and  another  30TB  at  its  primary 
pharmacy  facility  in  Kansas  City,  Mo. 

“With  Sarbanes-Oxley  and  HIPAA, 
future  retention  of  certain  types  of  in¬ 
formation  became  more  relevant,  so 
we  decided  to  take  a  proactive  ap¬ 
proach,”  Meredith  says.  “We  wanted  to 
start  limiting  users  on  how  much  stor¬ 
age  they  could  use  and  start  imple¬ 
menting  retention  policies  before  it 
became  a  problem.” 

He’s currently using the Northern software to limit storage shares, setting
a 150MB cap on users’ home directories. When users get close to that limit,
the SRM system sends them an e-mail telling them where to go to view their
files and delete anything they no longer need.

“An  added  benefit  we  have  seen  is 
that  people  no  longer  hoard  informa¬ 
tion  in  their  home  directories,”  says 
Meredith.  “When  we  started  putting  in 
hard  caps  on  their  home  directories, 
they  started  moving  that  information 
into  a  place  such  as  a  departmental 
share  where  more  people  can  access 
that  information.” 

Lincare  has  saved  money  with  SRM 
by  cutting  down  on  the  amount  of 
storage  capacity  needed.  Meredith  has 
been  able  to  block  employees  from 
saving  MP3  data,  for  example,  and  as 
they  move  files  to  department  shares, 
there  are  no  longer  multiple  copies  of 
the  same  document  stashed  in  differ¬ 
ent  home  directories.  He  has  also 
found  it  useful  for  capacity  planning  to 
have  accurate  information  on  what’s 
being  stored.  “If  I  hear  another  manag¬ 
er  saying  that  he  will  need  additional 
capacity,  I  can  go  into  a  meeting  and 
say  that  I  ran  a  report  which  shows 
that  60%  of  the  data  is  stale,”  Meredith 
says.  “Rather  than  having  to  buy  [stor¬ 
age-area  network]  space,  we  can  just 
archive  the  data.” 

While Lincare is now using the Northern suite just on users’ home
directories, Meredith says he plans to use it for Exchange and database
files as the company continues to develop its retention policies.

“Overall,  the  software  gives  me  a 
better  snapshot  of  how  we  are  using 
storage  from  an  enterprise  level,”  says 
Meredith. 

Multitier  Management 

Lincare  uses  its  SRM  tool  to  manage  a 
single  storage  tier.  Credit  reporting 
firm  Experian  Information  Solutions 
Inc.,  on  the  other  hand,  has  more  than 
115TB  of  three-tier  storage  at  its  data 
warehouse  in  Schaumburg,  Ill. 

Tier  1  is  EMC  Corp.  DMX-type  disks 
holding  primary  databases.  Tier  2  con¬ 
sists  of  EMC  Clariion  CX700  disks  and 
146GB  drives  for  Exchange  and  file 
servers  and  other  processes  that  are 
less  I/O-intensive  than  the  databases. 
Tier  3  is  network-attached  storage 
(NAS)  disks  or  slower  ATA  disks  used 
for  flat  files  or  files  that  are  being 
transferred  from  mainframes  to  dis¬ 
tributed  computing. 

“It  was  tough  to  manage  and  keep 
track  of  how  it  was  all  allocated  in  or¬ 
der  to  keep  the  costs  in  check,”  says 
architecture  expert  Ernie  Demers.  “It 
was  a  burden  on  our  operations  people 
who  had  to  spend  time  manually  creat¬ 
ing  reports  by  going  to  each  server  to 
see  which  file  system  it  had  and  what 
percentage  was  being  used.” 

To  cut  the  management  load,  two 
years  ago,  Demers  had  EMC  install  its 
ControlCenter  multivendor  SRM  suite 
on  a  Dell  server.  And  Experian  recent¬ 
ly  upgraded  to  Version  5.2  on  its  own. 
Like  Meredith,  he  says  the  SRM  has 
more  features  than  his  staff  can  use. 
But  as  they  learn  more,  they’ll  use 
more.  For  example,  Demers  is  using 
the  reporting  functions  to  allocate 
space  more  efficiently  and  to  put  to¬ 
gether  the  business  case  for  buying 
more  storage.  But  he  isn’t  using  it  to 
migrate  files  from  tier  to  tier. 

“It  wouldn’t  be  bad  to  get  to  that 
point  in  the  future,  where  we  would 
have  a  true  well-oiled  machine  as 
regards  tiering,”  Demers  says.  “But 
we  have  a  little  work  to  do  before  we 
get  to  that  point.” 

Nevertheless,  the  software  has  al¬ 
ready  greatly  cut  down  on  the  manage¬ 
ment  workload.  Experian  used  to  have 
three  to  four  people  helping  out.  “Now 
we  have  over  110TB  managed  by  one 
storage  admin,”  he  says.  “That  is  pretty 
phenomenal  considering  the  type  of 
data  we  have  and  the  different  types  of 
data storage.”


Robb  is  a  Computerworld  contributing 
writer  in  Los  Angeles. 
Data classification tools offer policy-based management
of data, freeing up primary storage.

By  Lucas  Mearian 




Matt Decker, an IT manager at the National Nuclear
Security Administration, knew he couldn’t continually
add expensive high-end storage arrays to keep up with the
agency’s 40% annual data growth rate. And manually deleting
recycle bins and temp files wasn’t freeing up enough space.

“When data keeps growing, you suddenly
become a slave to it,” he says.

Decker  wanted  to  see  the  type  of 
data  that  was  filling  up  his  high-end 
disk,  so  he  could  rate  the  value  of  it 
and  determine  where  and  how  he 
should  move  it  to  cheaper  storage 
media,  either  online  or  off-line. 

Enter Mountain View, Calif.-based Arkivio Inc., which
Decker hired two years ago to perform a data audit. He
was shocked at what Arkivio found: The majority of the
stored data was duplicate files, temporary files and
e-mail attachments — 3.5TB of it. “If someone sent an
e-mail to me with an attachment I thought was neat, I’d
save it, and so would everyone else who got it,” says Decker.

DAl'ADA: automatically tag data prior to backup and
use a policy engine to determine how to store it based
on its importance to the business. But most of these
tools address only unstructured data, like that created
by e-mail and file-serving applications, not database
records.

Now,  using  Arkivio’s  Auto-xplor 
tool,  Decker  can  automatically  tag  that 
data  before  it’s  backed  up  and  set  a 
policy  engine  to  determine  how  to 
store  it  based  on  its  importance. 

“The software and hardware was expensive. But the way
I see it ... at our growth rate, it was going to be that
much more expensive later,” he says. “I’m looking at a
material cost avoidance of close to $1 million in six years.”


This sort of data classification, or tagging, used to be
manual. But many start-up vendors are now selling tools
that place agents on application servers to search
volumes. The classification software then creates reports
on those volumes and places that information in a
database that can be searched.

For example, data classification software has fields
such as “date created” and “date last accessed” and
performs searches based on keywords. Administrators can
then create policies that will determine where data
should be stored once it’s classified.

Companies such as Arkivio, Njini Inc. in London, Kazeon
Systems Inc. in Mountain View, Calif., and StoredIQ Corp.
in Austin have been early to market with software that
can classify and store data across multiple applications,
such as e-mail and file servers.

Carolyn Dicenzo, an analyst at Gartner Inc., says e-mail
is the No. 1 offender for eating up space on primary
storage arrays. Text files are No. 2. And this data can
be risky to hold on to: When stored longer than
necessary, e-mails can be difficult to wade through for
legal discovery purposes and expose a company to
litigation.

To  date,  data  classification  vendors 
have almost exclusively offered products
for handling unstructured data,
such  as  e-mail  and  text  files.  Structured 
data  in  databases  doesn’t  need  to  be 
categorized,  but  there’s  a  growing  need 
to  index  that  data  so  it,  too,  can  be 
searched.  The  only  company  currently 
addressing  structured  data  indexing  is 
CopperEye  Ltd.  in  Wiltshire,  England, 
with  its  Greenwich  software,  says  Steve 
Duplessie,  an  analyst  at  Enterprise 
Strategy  Group  Inc.  in  Milford,  Mass. 

Compliance-driven  Effort 

CDW Corp., a $5.7 billion technology reseller in Vernon
Hills, Ill., expects to spend more than $1 million on the
hardware and software needed to implement a data
classification and tiered storage architecture. The goal
is to better manage up to 250TB, much of which is on
primary storage.

“For Fortune 500 companies, compliance issues have been
a big deal for us this past year. All that turned our
attention to records management and [information
life-cycle management],” says K.C. Tomsheck, senior
director of IT operations at CDW.

Tomsheck began implementing the data classification
project in June. In the first phase, his legal department
set policy definitions for how to treat different types
of data. The project management office classified the
data in the second phase, and in the final phase, the
network engineering group will identify the technology
to support a tiered storage architecture.

Tomsheck says the company’s primary and backup data
centers are both centrally located in Chicago, which
helps tremendously in his data classification effort.
“Databases, e-mail, file-shared documents, including
unstructured data — it all resides on storage across two
locations. That helps that we have data in one primary
point and can evaluate it from there,” he says.

The  company  purchased  12  EMC 
Corp.  network-attached  storage  (NAS) 
arrays, including the Centera content-addressed
storage array. If all goes as
planned,  about  150TB  of  data  will  be 
removed  from  primary  storage  arrays 
and  placed  onto  the  secondary  NAS 
arrays.  “We  look  at  it  as  a  ‘pay  me  now 
or  pay  me  later’  proposition,”  says 
Tomsheck,  who’s  hoping  for  a  return 
on  his  investment  in  three  to  four 
years. 

Duplessie  notes  that  the  cost  of  data 
classification isn’t usually in the technology
itself, but rather in the time
spent  determining  how  to  categorize 
and  classify  the  data. 

As part of his strategy, Decker purchased
an EMC Centera content-addressed
storage array in order to
archive  e-mail  and  files  online  so  end 
users  can  still  access  the  data.  O  56978 


SNAPSHOTS


Storage  Vitals 

What are your greatest storage management needs?

[Chart; values not recoverable. Categories: Storage resource
management; Information life-cycle management]

SOURCE: Storage Networking World audience
survey results, April 2005. Audience members
were polled during select sessions; registered
attendees totaled more than 2,700.


Storage  Heavyweights 

Revenue for worldwide storage software
in the first quarter of 2005:

1. EMC Corp. $625M
2. Veritas Software Corp. $445M
3. IBM $178M
4. Network Appliance Inc. $139M
5. Hewlett-Packard Co. $137M

SOURCE:  IDC  Worldwide  Quarterly 
Storage  Software  Tracker 


War  Against  Complexity 

Which  statement  best  describes  how 
you  address  storage  complexity? 


[Chart; percentages not recoverable. Response options:]
Implementing new and better SRM and SAN management
Implementing storage automation or workflow processes
Storage complexity is not an issue at my organization
Implementing new virtualization technology
Hiring more technical support and implementation services

SOURCE: Storage Networking World audience
survey results, April 2005. Audience members
were polled during select sessions; registered
attendees totaled more than 2,700.


MARK  HALL 

Storing  Stuff 


All end users have lots of different stuff on their computers. And data storage
managers should have a plan for every bit of it.

Sounds  simple.  But  it’s  not.  If  anything,  it’s  getting  more  complex,  maybe 
to  the  breaking  point,  beyond  where  IT  can  have  a  semblance  of  control  of  its 
total  corporate  storage  environment. 

Before you can claim to know what your data storage environment is, you need to know
where all the information is going. Wouldn’t that fall under the vague and menacing Section
404 of the Sarbanes-Oxley Act, which calls for having “internal control over safeguarding
of assets against unauthorized acquisition, use or disposition ...”? Yet, how can CIOs
seriously tell their bosses that they have full knowledge, let alone control, over who stored
what corporate data where? People load contact lists onto iPods, they file sales-letter
templates on Windows mobile handhelds, they save sensitive e-mails on BlackBerry devices,
and they keep who-knows-what on laptops. Some of these devices are issued by the company.
Most are not. Some store only data defined by IT policy. Most store all that information
and much more. This is control?

It’s not a very funny situation. But the best way to
understand the scope of the problem is to take a lesson
from one of George Carlin’s comic routines, “A Place for
My Stuff.” (For those of you who have forgotten the
monologue, here’s a Web site with a refresher:
www.writers-free-reference.com/funny/story085.htm.)

Carlin starts off by observing that a house “is just a
pile of stuff with a cover over it.” Then he says when
you go on vacation, you pack some suitcases. “You gotta
take a smaller version of your house,” he says. “It’s the
second version of your stuff.” As he progresses through
the long gag, Carlin talks about how we use increasingly
smaller and smaller containers for our stuff, until he
gets down to the stuff we can, um, stuff into our pockets.

Carlin’s  containers  for  his  “stuff”  are  analogous  to 
the  modern  end  user’s  data  repositories  in  today’s 
business.  People  are  more  than  willing  to  carry  less 
stuff  in  order  to  be  mobile.  But  they  definitely  need  at 
least  some  of  their  stuff.  So,  the  best  storage  managers 
should  try  to  accommodate  how  people  want  to  tote  it 
around. 

That  means  you  need  to  offer  multiple  ways  for  end 
users  to  store  mobile  data.  One  size  doesn’t  fit  all. 
(Seven  different  iPod  configurations,  from  500MB  to 
60GB  in  capacity,  seem  to  bear  this  out.)  Whether  it’s 
the  BlackBerry  7270  of  today  or  the  upcoming  Nokia 
770,  powerful,  high-performance,  high-capacity  mobile 
devices  are  proliferating  among  your  end  users  and 
outside  of  IT’s  purview. 

As Frank Hayes wrote in “Got Gadgets?” [QuickLink a7280]
five years ago in these pages, you can’t win against the
tide of faster, cheaper, better mobile units with
increasingly capacious storage systems. Don’t fight it.
Frank’s advice is to recognize who the gadget freaks are
and help them with their new toys, especially when they
want to connect them to corporate data stores on the
network. He says spending a little time with these people
upfront is better than having to clean up their messes
later.

Frank’s  advice  made  perfect  sense  five 
years  ago,  when,  as  he  wrote,  you  were 
dealing  with  Handsprings,  Jornadas, 
Cassiopeias  and  other  carcasses  in  today’s 
mobile  market.  And  it’s  still  sound  advice 
today.  But  I  think  it  could  use  a  little 
tweaking. 

Today, you have to let end users carry their stuff on
the device of their choice. Whatever it is. Don’t try to
create a corporate standard. There’s no point. (Besides,
whatever you put in their pockets today is the Cassiopeia
of 2007.) Whatever you invest in will be superseded many
times over by the time your chief financial officer lets
you fully depreciate and upgrade the devices.

No, don’t regulate the device; regulate the
data-collection process. In the first place, the data is
what it’s all about, not the thingamajig. And since it’s
unlikely you can stop people from doing what comes
naturally with their stuff, you need to persuade them to
share it with you.

Here’s  what  I  suggest.  Start  a  contest  at  work.  Have 
people  bring  in  any  and  all  devices  that  they’ve  stored 
company  data  on  —  cell  phones,  PDAs,  thumb  drives, 
everything. Have prizes for the most devices, the oldest
device, the most data stored, the least. Whatever.
Lots  of  prizes.  Good  ones,  too,  like  iPod  Nanos. 

Take  the  devices  and  download  the  corporate  data 
from  all  of  them.  Give  them  back  to  your  end  users. 
Hold the contest every year. You’ll be doing the company
a favor and making friends in the process.

O  56889 

Advertising  Supplement 

IT  Careers:  SBC  Attracts  Hispanic  IT  Pros  with  Opportunity 


Hispanics  make  up  5%  of  the  information 
technology  workforce  across  the  United  States. 
SBC,  formerly  Southern  Bell,  is  pushing  the  envelope 
to  hire  a  workforce  that  reflects  its  customers.  The 
result:  6.4%  of  SBC  IT  employees  are  Hispanic. 

Gary  Fraundorfer,  vice  president-human  resources, 
says  that  overall  13%  of  the  company's  employees 
are Hispanic and 51% of the new hires in 2004 were
people  of  color.  It's  no  simple  equation  to  beat  the 
national  odds,  particularly  when  there  has  been  little 
change  in  Hispanic  representation  among  IT  workers 
nationwide  over  the  past  six  years. 

According  to  Information  Technology  Association  of 
America's  Diversity  Study,  released  earlier  this  year, 
the  data  has  not  changed  over  the  past  five  years.  The 
percentage  of  Hispanics  earning  IT  degrees  since 
1999  remains  unchanged  and  was,  in  fact,  outpaced 
by  non-resident  aliens  earning  IT  degrees. 

"Our  future  employees  are  members  of  the 
communities  we  serve  today  and,  in  reaching  out  to 
them  now,  we  strengthen  our  ability  to  attract  and 
recruit  the  very  best,"  Fraundorfer  says.  The  company 
uses  web-based  recruiting  tools  that  touch  nearly  30 
different  diversity  sites  for  job  seekers.  "We  also 
acknowledge  Hispanic  professional  organizations  as 
high  potential  Hispanic  recruiting  channels," 


Fraundorfer  says,  pointing  to  the  Hispanic  Alliance  for 
Career  Advancement  and  the  National  Society  of 
Hispanic  Professionals.  The  company  has  established 
recruiting  partnerships  with  colleges  and  universities 
in  Texas  -  UT-San  Antonio,  UT-Dallas,  UT-Austin, 
Texas  A&M,  Southern  Methodist,  Texas  State  and 
Texas  Tech.  "We  also  partner  with  the  SBC  employee 
networks,  such  as  the  Hispanic  Association  of 
Communication  Employees  of  SBC  to  reach  out  to  the 
Hispanic  community  through  education  and  training 
in  various  areas,  from  career  goal-setting  to  resume 
writing  and  interviewing  skills,"  he  adds. 

The  bottom  line,  however,  is  that  Fraundorfer  and  SBC 
look  at  diversity  as  an  essential  ingredient  to 
business  success.  "We  succeed  when  we  recruit  and 
hire  the  very  best  talent  and  give  employees  options 
for  career  development  and  advancement,"  he  says. 
"IT  Services  at  SBC  employs  more  than  15,000 
managers,  associates  and  contractors,  making  it  one 
of  the  largest  IT  organizations  in  the  country.  One  out 
of  every  five  SBC  managers  is  an  IT  services 
employee."  The  group  provides  application 
development  and  data  center,  billing  and  payroll 
operations  for  the  entire  enterprise  from  100  cities 
across  the  country.  The  primary  locations  are  in  San 
Francisco,  New  Haven,  Chicago,  Detroit,  St.  Louis, 
Cleveland,  Milwaukee,  Dallas  and  Houston. 


IT  Services  was  a  key  partner  in  winning  SBC's  second 
CIO  Magazine  Enterprise  Value  Award  for  the 
Equipment  Capacity  Optimization  Systems  network 
planning  application  suite. 

[Chart: Recipients of Undergraduate Degrees in Computer Science,
Engineering and Engineering Related Technologies, 2001-2002, by Race.
Recoverable values: Hispanic 5%; Non-resident alien 7%]

Source: ITAA/U.S. Department of Education, National Center for Education
Statistics, Integrated Post Secondary Education Data, fall 2002 survey

[Chart: Racial Diversity in the IT Workforce 1996-2004]

Source: ITAA/Bureau of Labor Statistics Current Population Surveys
estimates, except for 1996 estimate of Asians in the IT workforce, which is
National Science Foundation.


For  more  information  about  IT  Careers  advertising, 
please  call:  800.762.2977 

Produced  by  Carole  R.  Hedden 


Sr.  Systems  Analyst 


Iroquois 


Bring  Your 
PowerBuilder 
Skills To

Iroquois  Pipeline  Operating  Company  has  a  challenging 
position  for  results  oriented  individual  with  extensive  experience 
in  client-server  system  development  and  maintenance.  Provide 
technical  expertise  and  advice  in  complex  systems  analysis  and 
design.  Technologies  include  PowerBuilder,  SCADA,  Sybase 
DBMS,  SQL,  Unix,  and  Data  Communications  network 
protocols,  components  and  operations. 

Requires  a  B.S./B.A.  in  CS  or  Engineering  or  related  degree  and 
commitment  to  support  24x7  operations.  This  position  will  be 
safety  sensitive  as  defined  by  the  US  DOT  and  subject  to  random 
drug  testing. 

Competitive  salary  and  excellent  benefits  provided . 

Interested  candidates  email  resume  w/salary  history  to: 

Human  Resources  Dept,  IROQUOIS  PIPELINE 
OPERATING  COMPANY,  One  Corporate  Dr,  Ste  600, 
Shelton,  CT  06484,  Fax:  203-925-8544 
or  E-mail:  employment@iroquois.com 

For further information visit WWW.IROQUOIS.COM


Equal  Opportunity  Employer  - 


Goldman  Sachs  &  Co. 

Senior Analyst/Developer - New York, NY - Design, develop, test & implement
applications to support various divisions. Required: Bachelor's in
Computer Science or Engineering or related field plus 5 yrs progressive
exp in offered position or as systems analyst. Exp must include developing
data warehouse applications utilizing Sybase IQ as a Client Relationship
Management application & project management exp developing &
supporting applications utilizing Perl and Java on Unix & Windows
platform. Job Code: TECH082105SAD.

Analyst/Developer - New York, NY - Develop real time middleware software
components to serve data distribution platform. Required:
Bachelor's in Computer Science, Engineering, MIS or related field plus 2
yrs exp in job offered or as software analyst. Prior exp must include
development of operating system level components for real time infrastructure
utilizing C/C++, UNIX, & TCP/IP. Job Code: TECH081405ADNY.

Analyst/Developer - Jersey City, NJ - Design & develop back office
applications for multiple global derivative clearing houses. Required:
Bachelor’s in Computer Science, Engineering, or related field plus 1 year
exp in offered position or as systems analyst. Prior exp must include
utilizing MQ Series and client server architecture design. Job Code:
TECH080705ADNJ.

Apply: https://Goldmansachs.recruitmax.com/enQ/candidates using "Build
Your Profile" option. Candidates must provide salary requirements in
"Target Compensation" field & specify Job Code in "Specific Type" field.
NO PHONE CALLS PLEASE.


Fixed  Income  Developer.  Chica¬ 
go,  IL.  Responsible  for  writing 
and  maintaining  real-time  busi¬ 
ness  applications  in  C++  on 
Linux  for  use  within  the  Fixed 
Income  business  suite.  Respon¬ 
sible  for  learning  the  existing 
suite  of  applications  that  are 
used  on  the  desk,  understanding 
their  architecture  and  analytics, 
and  taking  over  the  support  and 
development  of  these  applica¬ 
tions.  Develop  and  deploy  next 
generation  applications  and 
tools  for  fixed  income  to  support 
the  MBS,  Government  and  FX 
trading  systems. 

Qualifications  include  a  mini¬ 
mum  of  a  Bachelor's  degree  in 
Computer  Science,  Engineering 
or  a  related  quantitative  field  or 
the  foreign  equivalent.  Must 
have  three  (3)  years  of  relevant 
experience.  Must  have  prior  ex¬ 
perience  utilizing  C++  in  Unix,' 
Linux  environment. 

Qualified  candidates  should  su¬ 
bmit  a  cover  letter  and  resume, 
job  reference  R-0028,  to: 
itjobs0028@citadelgroup.com. 
Principals  only  need  apply. 
CITADEL  IS  AN  EQUAL  OP¬ 
PORTUNITY  EMPLOYER. 


TECHNOCREST  SYSTEMS, 
INC.  -  West  Dundee,  Illinois 
Seeking  a  Computer  Support 
Specialist  to  provide  technical 
assistance  to  computer  systems 
users  in  person,  via  telephone  or 
from  remote  location.  Travel  to 
client  office  work  stations  to  han¬ 
dle  troubleshooting  and  repair 
and  perform  warranty  services 
for  DELL.  Compaq,  Apple  and 
IBM  desktop  and  laptop  comput¬ 
ers.  Requires  Bachelor's  degree 
in  Computer  Science  or  Elec¬ 
tronic  Engineering.  Send  Resu¬ 
me  to:  Human  Resources, 
Technocrest  Systems,  Inc.,  3125 
S.  Pickwick  Place,  Springfield, 
MO  65804  job  code:  TSI0592. 


(SS  Consultantnet  LLC,  -  Plains- 
boro,  NJ)  Software  consulting 
company  seeks  Programmer 
Analysts  to  Analyze,  Plan,  Des¬ 
ign,  Develop  programs,  applying 
knowledge  of  programming 
techniques  and  computer  sys¬ 
tems,  Evaluate  user  requests  for 
new  or  modified  computer  pro¬ 
grams  to  determine  feasibility, 
cost  and  time  required,  compati¬ 
bility  with  current  system,  and 
computer  capabilities.  Skills 
required:  Windows,  Unix,  Sun 
Solaris,  Linux,  C,  C++,  VC++, 
Visual  Basic,  Java,  Oracle 
Clinical,  SAS,  AS400,  Oracle 
forms,  Oracle  Financials,  ASP. 
Net,  VB.net,  COM,  DCOM,  Plum 
tree,  JD  Edwards,  People  Soft, 
SAP,  Bachelor’s  Degree  or 
Academic  equivalent  in  Com¬ 
puter  Science,  CIS,  MIS  and  two 
years  of  experience  as  Systems 
Analyst,  Software  developer, 
required  9-5,  40  hrs/week.  Send 
resume  to  attn:  HR,  email  to 
hrmanager@ssconsuitantnet.com 


IT  company  in  Lisle,  Illinois 
seeks  a  Software  Architect  to 
architect,  research,  design, 
and  implement  distributed 
application  and  infrastructure 
software  using  the  Globus 
Toolkit.  Will  lead  a  small  engi¬ 
neering  team  in  software 
implementation  and  testing 
using  Java  and  C.  Require  a 
BA  in  Computer  Science  or 
related  engineering  degree  & 
5  yrs  of  experience  in  archi¬ 
tecture,  design,  and  imple¬ 
mentation  of  distributed  appli¬ 
cation  and  infrastructure  soft¬ 
ware;  using  and  implementing 
the  Globus  Toolkit;  and  exten¬ 
sive  systems  programming 
experience  in  Java  and  C. 
Please  email  resume  and 
cover  letter  to  Bob  Mandel  at; 
mandel@univa.com.  EOE. 


Senior  Developer  needed  by 
Southwest  Airlines  Co.,  Dallas, 
TX:  Responsible  for  applica¬ 
tion  development  &  system 
admin  for  web  based  UNIX  & 
Windows  appls.  Requires  Ma¬ 
sters  in  Electronic  Commerce 
or  Comp.  Science,  and  3  years 
exp  in  application  development 
&  system  administration  for 
web  applications  using  Docu- 
mentum,  XML  &  J2EE.  To 
apply,  mail  resume  to  Sandra 
Housouer,  Southwest  Airlines, 
Dept  4GC,  PO  Box  36611, 
Dallas  TX  75235;  refer  to  Job 
#1 9-J  on  resume. 


SQL  Server  Database  Ad¬ 
ministrator/Developer  for 
Schaumburg,  IL:  Will  be 
responsible  for  complete 
life  cycle  of  the  projects 
using  various  skills.  Bach¬ 
elors  Degree,  with  2  years 
experience  required.  Com¬ 
petitive  Salary,  40  hrs.  a 
week.  Send  resume  (no 
calls)  to  Attn:  HR  Manager, 
Integrated  Business  Group, 
1325  Remington  Rd.  Suite 
#K.  Schaumburg,  IL  60173- 
4815. 


IT  Careers  editorials  cover 


relevant  topics  in  the 
following  industries: 


Healthcare 
Security  &  Defense 
Finance 

Biotech/Pharmaceutical 
Insurance 
Diversity 
Consulting 
Telecom/Wireless
Manufacturing 
And  many  more.... 

Our  readers  include  the  qualified 
IT  professionals  that  your 
company  is  looking  for. 


For  more  information, 
contact  us  at:  IT 

800-762-2977 


careers 


Computerworld - October 17, 2005


HCFS  in  Addison,  TX 
is  seeking  Web  De¬ 
veloper.  Must  have 
BS  in  CS  or  MIS  & 
6mo.  exp.  in  dsgn  & 
dvlp  web  appln  using 
ASP.NET;  cover  acc. 
from  ASCHII  & 
EBCDIC  by  ORW32 
&  data  junction.  Fax 
resume  to  HR  @ 
972-720-0381. 


Electronic 

Engineering  Manager 

Requires  Bachelor  of  Science 
or  Engineering  and  5-year 
exp.  in  position  offered  or  as  a 
Design  Engineer  or  Electronic 
Engineer.  Job  site  at  8270 
Willow  Place  North,  Ste.  B- 
150,  Houston,  TX  77070 
Please  mail  resume  to  Delta 
Products  Corp.,  4405 
Cushing  Parkway,  Fremont 
CA  94538.  Attn:  R.  Sahakian. 


Software  Eng  Design,  code, 
test,  maintain  &  document  soft¬ 
ware  applications  for  Client  and 
Server  sides  business  opera¬ 
tions.  Requires  B.S.  Computer 
Science  or  related  field;  2  yrs 
exp  Computer  Applications 
Developer;  &  knowledge  of 
Struts  on  Client  &  Server  sides 
(JSP  with  Custom  Tags,  Entity 
EJBs,  JMS,  UML  &  Together  J). 
On  call  assignments  24/7. 
Position  in  St.  Louis  area. 
Resumes  to  J.V.L.,  Crawford 
Group,  4680  Technology  Dr.,  St. 
Charles,  MO  63304  or  email  to 
ian.m.vitale@erac.com . 

Reference  job  20713. 


TECHNOCREST  SYSTEMS, 
INC.  Phillipsburg,  NJ  Seeking  a 
Computer  Support  Specialist  to 
provide  technical  assistance  to 
computer  systems  users  in  per¬ 
son,  via  telephone  or  from 
remote  location.  Travel  to  client 
office  work  stations  to  handle 
troubleshooting  and  repair  and 
perform  warranty  services  for 
DELL,  Compaq,  Apple  and  IBM 
desktop  and  laptop  computers. 
Requires  Bachelor’s  in  Electron¬ 
ics.  Send  Resume  to:  Human 
Resources,  Technocrest  Syst¬ 
ems,  Inc.  3125  S.  Pickwick 
Place,  Springfield,  MO  65804 
job  code:  TSI0740. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor 

Certification  ads 
here! 

Are you frequently placing
legal/immigration
advertisements?

Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time-consuming 
task  a  little  easier. 

Call 

800-762-2977 

it  careers 


Computer/business  professionals  for  permanent  positions  with  short  & 
long  term  assignments  to  various  unanticipated  locations  throughout  USA 
for  software  &  services  consulting  company  headquartered  in  Mountain 
View,  CA: 

Business  Development  Managers 

I  (BDM100)  -BA  in  BusAdmin,  Finance  or  Acctg.  +  2  yrs  exp 

II  (BDM101)-  BA  in  BusAdmin,  Finance  or  Acctg.  +  5  yrs  exp 

III  (BDM102)-  MBA+  2  years  exp 
Business  Development  Managers  (  ERP) 

I  (BDMERP103)-BA  BusAdmin  or  Fin/Acctg.  +  2  yrs  exp;  exp  w /  ERP 
packages 

II  (BDMERP104)-BA  BusAdmin  or  Fin/Acctg.  +  5  yrs  exp;  exp  w /  ERP 
packages 

III  (BDMERP105)-  MBA  +  2  yrs  exp;  exp  w/  ERP  packages 
Business  Systems  Analysts 

I  (BSA106)  2  yrs  exp  as  BSA 

II  (BSA107)-  BA  Bus  Admin  or  Fin/Acctg  or  equiv  +  2  yrs  exp  as  BSA 

III  (BSA108)-  BA  Bus  Admin  or  Fin/Acctg  or  equiv  +  5  yrs  exp  as  BSA 

IV  (BSA109)  MBA  or  MA  in  Fin/  Acctg  +  2  yrs  exp  as  BSA 
Technical  Business  Systems  Analysts  (BSA  w/technical  focus) 

I  (TBSA110)  2  yrs  exp  as  BSA 

II  (TBSA111)  BS  in  CS  or  Eng.  or  equiv  +  2  yrs  exp  as  BSA 

III  (TBSA112)  BS  in  CS  or  Eng  or  equiv  +  5  yrs  exp  as  BSA 

IV  (TBSA113)  MS  in  CS  or  Eng  +  2  yrs  exp  as  BSA 
Software  Engineers 

II  (SE114)  BS  in  CS  or  Eng  or  equiv  +  2  yrs  exp 

III  (SE115)  BS  in  CS  or  Eng  +  5  yrs  exp. 

IV  (SE116)  MS  in  CS  or  Eng  +  2  years  exp 
Database  Administrators 

II  (DBA117)-  BS  in  CS  or  Eng  or  equiv  +  2  yrs  exp 

III  (DBA118)-BS  in  CS  or  Eng  +  5  yrs  exp 

Data  Warehouse  Architects  (develop  data  model,  design  data 
mart/warehouse) 

II  (DWA121)-BS  in  CS  or  Eng  or  equiv  +2  yrs  exp 

III  (DWA120)-BS  in  CS  or  Eng  +5  yrs  exp 

IV  (DWA119)-MS  in  CS  or  Eng  +  2  years  exp 

e-Architects  (plan  &  monitor  IT  projects,  provide  technical  input,  super¬ 
vise  team) 

II  (EA124)-  BS  in  CS  or  Eng  or  equiv  +2  yrs  exp 

III  (EA123)-BS  in  CS  or  Eng  +5  yrs  exp. 

IV  (EA122)-  MS  in  CS  or  Eng  +  2  yrs  exp 

ERP  Technical  Consultants 

(gather  customer  sys,  eng'g,  &  manuf  reqs;  design,  code  &  test  ERP  solu¬ 
tions) 

II  (ERPTC127)-  BS  in  CS  or  Eng  or  equiv  +  2  yrs  exp 

III  (ERPTC126)-  BS  in  CS  or  Eng  +  5  yrs  exp 

IV  (ERPTC125)-  MS  in  CS  or  Eng  +2  yrs  exp 

Network  Systems  Administrators 

(NSA128)-  BS  in  CS  or  Eng  or  equiv  +2  yrs  exp 

Sales  Engineers 

II  (SALES131)-  BS  in  Eng  or  CS  or  equiv  +  2  yrs  exp. 

III  (SALES130)-  BS  in  Eng,  CS  or  Scientific  Discipline  +5  yrs  exp 
Senior  (SNSALES129)-MS  in  Eng  or  CS  +  2  yrs 

To  apply,  send  cover  letter  &  resume  to  Recruitment  Team,  Wipro  Ltd., 
Two  Tower  Center  Blvd.,  Suite  1100,  East  Brunswick,  NJ  08816.  Must  ref¬ 
erence  job  code  for  consideration.  Unrestricted  right  to  work  in  USA 
required.  EOE. 


Sr.  Software  Manager  needed 
w/Masters*  or  foreign  equiv.  in 
Comp.  Sci.  or  Engg  or  Math  &  1 
yr  exp.  *Will  accept  Bach  or  foreign 
equiv.  &  5  yrs  of  progressive 
exp  in  lieu  of  Masters  &  1  yr. 
Plan,  organize,  direct  &  coord 
projects  on  Oracle  Applies 
based  technologies.  Dsgn  &  test 
custom  extensions  (JSP,  Oracle, 
PL/SQL  tools)  to  be  used  in  con¬ 
junction  w/Oracle  Applies  using 
SDLC  principles  &  industry  stan¬ 
dard  OO&D  techniques.  Gather 
systm  reqmts  from  clients  & 
translate  in  the  form  of  UML  dia¬ 
grams  &  RUP  documents.  Sup¬ 
ervise  2  prgmrs.  Mail  resumes 
to:  Optima  Technology  Partners, 
Inc.,  9  Mt.  Pleasant  Tpke,  Ste 
103,  Denville,  NJ  07834.  Job 
Loc:  Denville,  NJ  or  in  any  unanticipated 
locs  in  U.S.A. 


Witness  Systems,  Inc.  is  seek¬ 
ing  a  Senior  Software  Engineer 
to  develop  web  service-based 
internet  applications  and  partici¬ 
pate  in  the  support  and  en¬ 
hancement  of  existing  Visual 
Basic  applications.  Must  have  a 
Bachelor's  Degree  or  equivalent 
in  Computer  Information  Sys¬ 
tems  or  related  field  plus  five 
years  of  experience  in  the  relat¬ 
ed  occupation  of  leading  the 
design  and  development  of  a 
product.  In  lieu  of  a  Bachelor's 
degree  plus  five  years  of  experience, 
employer  will  also  accept 
seven  years  of  experience  in  the 
related  occupation  of  leading  the 
design  and  development  of  a 
product.  Salary  commensurate 
with  experience.  Send  cover  let¬ 
ter  and  resume  to  Lisa  Franck, 
H.R.  Manager,  Witness  Sys¬ 
tems,  Inc.,  300  Colonial  Center 
Parkway,  Roswell,  GA  30076. 


Management  Analyst  (E-Learn¬ 
ing)  w/Masters  degree  or  foreign 
equiv.  in  Business  Administra¬ 
tion  &  6  months  exp  to  analyze 
business  procedures  to  devise 
efficient  methods  of  knowledge 
management  &  dissemination 
for  corporate  development  using 
web  based  technologies.  Design 
course  structure,  construct  sto¬ 
ryboards  using  interactive  multi- 
media  design  techniques.  Dev¬ 
elop  software  programs  for  web 
based  training  using  Studio  MX, 
Dreamweaver,  Flash,  Cold  Fusion, 
Fireworks,  Director  and 
Authorware  &  integrate  with 
Online  Learning  Management 
Systems  (LMS)  compatible  with 
AICC,  SCORM  &  LRN  stan¬ 
dards.  6  months  exp  as  Man¬ 
agement  Analyst  (Online  Train¬ 
ing)  is  acceptable.  Mail  Resu¬ 
mes  to:  Ram  Associates,  3240 
East  State  Street  Ext.  Hamilton, 
NJ  08619  Job  Loc:  Hamilton,  NJ 


Sr.  Programmer  Analysts:  Des 

&  dev  client  server,  multi  tier  & 
web  appl;  define  data  arch;  dev 
WBS;  effort  estimates;  opera¬ 
tional,  financial  &  compliance 
audits;  risk  assessments;  modify 
WFL;  validate  data,  create 
ALGOL  programs  on  Unisys; 
modify  JCL  on  OS/390;  des, 
dev,  manage,  backup  &  recov¬ 
ery,  install  &  confi  Oracle  & 
DMSII  databases;  performance 
tuning,  ER  diagrams,  security 
schemas.  Use  of  Sarbanes- 
Oxley,  CANDE,  COBOL,  JCL, 
HTML,  CSS,  JavaScript,  PHP, 
PL/SQL,  Unix,  DOS,  Windows, 
RDBMS,  Oracle,  DB2,  teradata, 
Sybase,  Foxpro  on  Sun  Solaris 
&  HP  6000.  BE  or  ME  in  CE,  EE 
or  Mech  Engg  w/1-2  yrs  exp 
req'd.  Multiple  positions  in  Rich¬ 
mond  &  other  sites.  Travel  req'd. 
Mail  resumes  to  HR,  Prestigious 
Group  of  Consultants,  8607 
Pennsbury  Place,  Suite  6, 
Richmond,  VA  23294. 


It's  about  feeling  connected 


With  your  love  of  technology,  you  may  think  your  professional 
fulfillment  is  reliant  upon  the  kinds  of  technologies  that  you  work 
with.  And  it  is.  But  feeling  fulfilled  involves  feeling  "connected"  with 
the  people  who  you  work  with  as  well  and  being  excited  about  tak¬ 
ing  the  company  to  the  next  technological  level. 

At  Benjamin  Moore,  a  leader  in  quality  paint  and  paint  coatings,  it's 
all  about  people.  We  strive  to  uphold  the  Company's  values  of 
honesty  and  integrity  and  promote  that  each  employee  makes  the 
difference.  If  you  value  these  qualities  in  an  organization  and 
believe  you  can  make  a  difference,  we  have  several  opportunities: 

DIRECTOR,  RETAIL  TECHNOLOGY 

This  leadership  role  will: 

•  Lead  various  business  groups  and  partner  with  other  IT 
professionals  to  develop  technology  strategies  and 
solutions  that  provide  the  IT  infrastructure  and  systems 
necessary  to  strengthen  the  capability  of  our  retail  stores. 

•  Apply  innovation  management  and  intellectual  horsepower 
to  develop  complex  and  high  priority  projects  as  well  as 
assess  the  existing  platform  for  maintenance  and  upgrades. 

•  Have  the  ability  to  manage  diverse  relationships 
throughout  all  levels  of  the  organization 

The  successful  candidate  should  have: 

•  A  Bachelor's  degree  and  10+  years'  experience  in  Retail  IT 

•  Project  management  experience  in  a  medium-large  Retail 
chain/franchise  environment 

•  Background  in  web-based  technologies,  systems  implemen¬ 
tations  and  business  acumen  in  the  Retail  industry. 

•  Knowledge  of  networking  and  multi-technology 
platforms 

ADDITIONAL  TECHNOLOGY  OPPORTUNITIES... 

•  BUSINESS  OBJECTS  DEVELOPER  -  5  years  data 
warehouse  and  3+  years  Business  Objects  exp. 

•  DATA  WAREHOUSE  DEVELOPER  -  4  -  6  years  Informatica 
ETL  developer  on  Unix  Oracle  RDBMS  platform 

•  DATABASE  ADMINISTRATOR  -  5+  years  experience  in 
Oracle  and  Microsoft  SQL 

•  SR.  OS  ADMINISTRATOR  -  10+  years  experience 
including  Novell  5.x,  /  Windows  2000  /  2003  Server, 
Windows  XP  and  Windows  2000  Professional  Workstation 

•  SR.  IT  PROJECT  MANAGEMENT  ANALYST  -  5  years 
hands-on  experience  in  advanced  project  management  for 
small  to  large  projects;  customer  relationship  management 
skills  needed 

•  SECURITY  ADMINISTRATOR  -  5-7  years  experience 
including  Unix,  Oracle,  Windows  2000  Workstation/ 
Windows  2000  /  2003  Server,  and  Windows  XP 


Benjamin  Moore 

Paints 


For  consideration,  please  apply  on-line  to: 

www.BenjaminMoore.com 

We  are  an  equal  Opportunity/Affirmative  Action  Employer  M/F/D/V 


Software  Eng  to  analyze,  de¬ 
sign,  develop,  test  &  implement 
data  warehouse  applications; 
Requires  B.S.  Comp.  Science 
or  related  field;  2  yrs  exp  as 
Programmer  Analyst,  Test  Eng 
or  Software  Eng;  plus  knowl¬ 
edge  of  Relational  Database 
concepts,  Data  Warehousing 
methodology  (ETL  and  ID)  & 
UNIX  platforms.  On  call  assign¬ 
ments  24/7.  Position  in  St.  Louis 
area.  Resumes  to  J.V.L.,  Craw¬ 
ford  Group,  4680  Technology 
Dr.,  St.  Charles,  MO  63304  or 
email  to  ian.m.vitale@erac.com. 
Reference  job  20634. 


Sr.  Software  Engineer  for 
Synerzy  software  solutions  Inc, 
Iselin,  NJ:  Will  be  responsible 
for  Analysis,  design,  develop 
and  testing  of  ERP  applications 
in  AR,  AP,  GL  and  Distribution 
modules  using  Enterprise  One 
(formerly  JDEdwards),  J2EE, 
XML,  C++,  Create!form  for 
JDE,  EDI  Gentran  Server  for 
Windows,  BS  or  BE  or  Equaling 
Degree  with  minimum  5  yrs 
experience  required.  40  hrs / 
week  and  competitive  salary. 
Requires  frequent  travel/willing 
to  relocate.  Send  resume  & 
salary  requirements  to:  HR 
Manager,  Synerzy  Software 
Solutions  Inc,  1  Austin  Ave,  2nd 
Floor,  Iselin,  NJ  08830. 


EDS  is  looking  for  an  Informa¬ 
tion  Specialist  in  its  Seaside,  CA 
location  to,  under  general  direc¬ 
tion,  develop  and  maintain  soft¬ 
ware  applications  on  Unix  and 
Windows  platforms  using  Java, 
J2EE,  VB,  SQL  and  RDBMS. 
Requires  Bachelors  degree  in 
Computer  Science  and  one  (1) 
year  of  experience  in  client  serv¬ 
er  development  using  VB,  SQL, 
ODBC,  RDBMS  and  TCP/IP 
protocol.  Salary:  $85,000/year; 
40  hrs/wk,  8AM  to  5PM,  Mon- 
Fri.  To  apply,  submit  resume  to 
Lynne  Czerwinski,  Technical 
Delivery  Manager,  EDS,  400 
Gigling  Road,  Seaside,  CA 
93955  in  reference  to  1112-J. 


Computer  Programmer 

Design  and  develop  new 
databases  and  appropriate 
front-end  systems.  Create 
prototypes.  Prepare  reports 
from  databases.  Requires 
B.A.  or  B.S.  in  computer  sci¬ 
ence  and  1  yr  exp  develop¬ 
ing  complex  databases.  Exp. 
with  SQL,  Cobol  and  UNIX 
preferred.  Send  resume  to 
Sai  Systems  International, 
Inc.,  Attn:  Laura  Sheehy,  12 
Progress  Dr.,  1st  Fl., 
Shelton,  CT  06484.  No  calls, 
please. 


EDS  is  looking  for  a  Business 
Analyst  for  its  Federal  Way,  WA 
location  to  develop  and  en¬ 
hance  reporting  capabilities 
using  reporting  metrics  and  ser¬ 
vice  assurance  techniques. 
Requires  Bachelors  degree  in 
Business  Administration  or 
Public  Administration  and  two 
(2)  years  of  experience  in  imple¬ 
menting  automated  reporting 
strategies  using  VBA  and  SQL. 
To  apply,  submit  resume  to 
Robert  Hankinson,  Director  of 
Program  &  Service  Assurance, 
33405  8th  Avenue  South, 
Federal  Way,  WA  98003;  in  ref¬ 
erence  to  1114-J. 


Imaging  Systems  Specialist 
for  SOURCECORP,  Inc. 

Job  Location:  Carson,  CA 

Requires  a  Bachelor's  degree 
in  Electronics  Engineering  or 
Computer  Science  and  2  yrs 
experience  in  job  offered;  or  2 
yrs  related  experience  in 
designing,  developing,  and 
testing  imaging  components 
with  VB,  SQL  Server,  Soft- 
Tracs,  FLIPS,  and  LeadTools. 
40-hr  work  week.  Please 
submit  your  resume  to 
careers@srco.com  and  refer¬ 
ence  job  code  621726. 
Holes 

that  the  Red  Cross  has  also  in¬ 
stalled  intrusion-prevention 
technology  on  “riskier  seg¬ 
ments”  of  its  network  perime¬ 
ter  to  provide  additional  pro¬ 
tection  against  attacks. 

Satish  Ajmani,  CIO  of  Santa 
Clara  County  in  California, 
said  the  county  government 
was  “aggressively”  testing  and 
deploying  the  patches  from 
Microsoft. 

“We  are  a  very  large  and 
distributed  organization,  and 
we  used  to  take  several  days  to 
roll  out  patches,”  Ajmani  said. 
But  outbreaks  such  as  the  Zo- 
tob  worm  have  “heightened 
awareness  and  understanding” 
of  the  need  for  more-effective 
patching  strategies  among 
county  officials,  he  added. 

Immunity  Inc.,  a  Miami- 
based  security  research  firm, 
on  Wednesday  released  a 
proof-of-concept  exploit  tak¬ 
ing  advantage  of  a  flaw  in  the 


BY  JAMES  NICCOLAI 

MySQL  AB  is  eyeing  a  Novem¬ 
ber  release  for  Version  5.0  of 
its  open-source  database,  a 
major  upgrade  that  the  com¬ 
pany  hopes  will  help  it  be¬ 
come  a  realistic  alternative  for 
corporate  users. 

If  all  goes  well  with  the  lat¬ 
est  test  release  of  the  software, 
Version  5.0  should  ship  next 
month,  said  Kaj  Arno,  vice 
president  of  community  rela¬ 
tions  at  Uppsala,  Sweden- 
based  MySQL. 

MySQL  5.0  adds  a  handful  of 
enterprise-oriented  features 
—  such  as  triggers,  views  and 
stored  procedures  —  that  have 
long  been  available  from  data¬ 
base  market  leaders  Oracle 
Corp.,  IBM  and  Microsoft 
Corp. 

Nonetheless,  analysts  are 
skeptical  that  the  new  version 
has  advanced  enough  to  gain 
widespread  interest  from  cor¬ 
porate  IT  managers.  Gary  Bar¬ 
nett,  an  analyst  at  London- 


Microsoft’s 
Critical  List 

■  Unchecked  buffer  in  MSDTC: 
rated  “critical”  on  Windows 
2000  and  “important”  on 
Windows  XP  SP1  and  Windows 
Server  2003. 

■  Flaw  in  the  process  that 
COM+  uses  to  create  memory 
structures:  rated  critical  on 
Windows  2000  and  XP  SP1 
and  important  on  XP  SP2  and 
Server  2003. 

■  Unchecked  buffer  in  Microsoft 
DirectShow:  rated  critical 
on  Windows  98, 2000,  XP  and 
Server  2003. 

■  System  memory  corruption 
flaw  in  IE:  rated  critical  on  all 
recent  releases  except  IE  6  for 
Windows  Server  2003. 


Microsoft  Distributed  Trans¬ 
action  Coordinator  (MSDTC) 
service  within  Windows  2000. 
The  flaw,  which  some  analysts 
described  as  being  relatively 
easy  to  exploit,  could  allow  at- 


based  research  company  Ovum 
Ltd.,  said  that  while  MySQL  is 
adding  some  basic  enterprise 
features,  Oracle,  IBM  and  even 
Microsoft  continue  to  offer  ca¬ 
pabilities  that  keep  their  prod¬ 
ucts  far  ahead  of  the  open- 
source  database.  Still,  MySQL  5 
elevates  the  open-source  soft¬ 
ware  into  the  class  of  a  “true 
database,”  said  Barnett. 

Therefore,  more  indepen¬ 
dent  software  vendors  will 
likely  embed  it  in  their  prod¬ 
ucts,  leading  to  deployments 
in  new  environments,  he  said. 
“They  are  much  more  credible 
now  for  ERP  and  for  transac¬ 
tion-based  applications,”  Bar¬ 
nett  added. 

In  fact,  though  no  ERP  appli¬ 
cations  are  certified  to  run  on 
MySQL  today,  David  Axmark,  a 
MySQL  co-founder  and  vice 
president  overseeing  licensing 
and  strategy,  said  the  company 
is  currently  working  on  certifi¬ 
cation  with  SAP  AG  and 
Netherlands-based  financial 


tackers  to  take  complete  ad¬ 
ministrative  control  of  unpro¬ 
tected  servers. 

Justine  Aitel,  Immunity’s 
CEO,  said  the  firm  was  able  to 
develop  a  workable  exploit  of 
the  flaw  in  just  a  few  hours. 
Immunity  released  the  exploit 
code  to  members  of  its  partner 
program,  which  includes  ven¬ 
dors  of  security  products  such 
as  intrusion-detection  and 
-prevention  systems,  so  they 
could  use  the  information  to 
update  their  tools  to  protect 
against  the  flaw. 

In  addition  to  the  exploit 
code  for  the  MSDTC  vulnera¬ 
bility,  Immunity  has  devel¬ 
oped  proof-of-concept  ex¬ 
ploits  for  two  of  the  other 
flaws  that  were  disclosed  by 
Microsoft  last  week,  Aitel  said. 

In  an  e-mail  comment,  a 
Microsoft  spokeswoman  said 
that  the  company  knew  about 
the  exploit  code’s  availability. 
But,  she  added,  the  software 
vendor  “is  not  currently  aware 
of  active  attacks  that  use  this 
exploit  code,  or  of  customer 


software  vendor  Unit  4  Agres- 
so  NV.  SAP  certification  is  like¬ 
ly  within  a  year,  Axmark  said. 

The  new  version  of  MySQL 
also  changes  the  way  the  data¬ 
base  performs  common  tasks, 
making  it  behave  more  like 
other  databases.  The  goal,  offi¬ 
cials  said,  is  to  make  it  easier 
for  database  administrators  to 
switch  from  other  systems. 

The  price  for  MySQL  Net¬ 
work,  the  company’s  subscrip¬ 
tion  support  service,  for  the 
new  version  still  ranges  from 
$594  to  $4,806  per  server  per 
year,  depending  on  the  service 
level  required,  Axmark  said. 

MySQL  officials  have  long 
maintained  the  technology  is 
complementary  —  and  not 
competitive  —  with  the  enter¬ 
prise  databases  of  IBM  and 
Oracle.  And  with  Version  5, 
said  Axmark,  MySQL  still 
“won’t  attack  the  data  center 
installations,  but  there  are 
thousands  of  other  platforms 
out  there  for  which,  in  some 
cases,  an  enterprise  database 
may  be  too  much.”  ©  57537 


Niccolai  is  a  reporter  for  the 
IDG  News  Service. 


impact  at  this  time.” 

Nonetheless,  similar  ex¬ 
ploits  of  the  MSDTC  flaw 
could  quickly  become  widely 
available,  said  Neel  Mehta, 
team  leader  of  the  X-Force  re¬ 
search  team  at  Internet  Secu¬ 
rity  Systems  Inc.  in  Atlanta. 

“It’s  almost  certain  that  oth¬ 
er  hackers  are  working  on  the 
same  thing  right  now,”  Mehta 
said.  He  noted  that  apart  from 
the  relative  ease  with  which 
the  flaw  can  be  exploited,  the 
vulnerability  presents  a  tempt¬ 
ing  target  for  attackers  be¬ 
cause  the  MSDTC  service 
runs  by  default  on  Windows 
2000  servers  and  can  be  taken 
advantage  of  without  users 
having  to  take  any  action. 

Alfred  Huger,  senior  direc¬ 
tor  of  engineering  for  Syman¬ 
tec  Corp.’s  security  response 
team,  said  his  company  hadn’t 
received  any  reports  of  sys¬ 
tems  being  compromised  via 
the  MSDTC  flaw  as  of  Thurs- 


Microsoft  Fixes  14 

MICROSOFT  last  week  re¬ 
leased  a  total  of  nine  security 
updates  with  fixes  for  14  sepa¬ 
rate  vulnerabilities,  four  of  which 
were  given  “critical”  severity 
ratings  by  the  software  vendor. 

Among  the  critical  flaws,  the 
ones  that  evoked  the  most  con¬ 
cern  among  security  analysts 
were  the  vulnerability  in 
MSDTC,  which  is  used  by  Win¬ 
dows  to  manage  database, 
messaging  and  file-system 
transactions,  and  a  hole  in  the 
COM+  service  that’s  built  into 
the  operating  system  to  handle 
resource  management  tasks. 

The  two  flaws  were  detailed 
in  a  single  security  bulletin  by 
Microsoft,  which  officially 
counted  them  and  two  that 
were  less  severe  as  just  one 
vulnerability  -  a  standard  prac¬ 
tice  that  the  company  uses 
when  one  patch  can  fix  multiple 
security  holes. 

Both  flaws  could  enable 
hackers  to  gain  complete  ad¬ 
ministrative  control  of  unpro¬ 
tected  servers  and  are  similar 
to  the  vulnerability  in  a  plug- 
and-play  component  of  Win¬ 
dows  2000  that  the  creators  of 
Zotob  and  its  variants  took  ad- 


New  MySQL  Version  Adds 
Enterprise  Capabilities 


day.  But  he  warned  that  the 
new  vulnerability  presents  the 
same  kind  of  opportunity  for 
malicious  hackers  that  led  to 
the  Zotob  outbreak,  which 
caused  problems  at  several 
large  companies. 

Fenwick  &  West  LLP  man¬ 
aged  to  avoid  getting  hit  by 
Zotob  because  its  antivirus 
software  was  effective  at  fil¬ 
tering  out  the  worm,  said  Matt 
Kesner,  chief  technology  offi¬ 
cer  at  the  Mountain  View, 
Calif.-based  law  firm. 

Nonetheless,  the  firm  has 
sped  up  its  patching  processes 
out  of  concerns  about  similar 
outbreaks.  IT  staffers  now 
hold  a  meeting  “immediately 
after  Microsoft  releases  its 
patches”  on  the  second  Tues¬ 
day  of  each  month,  Kesner 
said.  “Then  we  try  to  test  and 
get  the  patches  out  by  Friday.” 
Last  week,  the  firm  finished 
deploying  the  new  patches  on 
Thursday  night.  ©  57539 

Flaws,  4  ‘Critical’ 

vantage  of  in  August. 

But  Russ  Cooper,  editor  of  the 
NTBugtraq  newslist  and  a  scien¬ 
tist  at  IT  security  vendor  Cybertrust 
Inc.  in  Herndon,  Va.,  said 
via  e-mail  that  the  newly  discov¬ 
ered  vulnerabilities  are  unlikely  to 
give  would-be  attackers  any 
more  of  an  opening  than  they  al¬ 
ready  had.  “Systems 
vulnerable  to  an  MSDTC  worm 
are  wide  open  to  the  Internet,” 
he  said.  “Such  systems  are  ripe 
for  attacks  of  all  sorts  anyway.” 

Microsoft  on  Friday  said  it  was 
aware  of  “isolated  deployment 
issues”  with  the  patch  for  the 
MSDTC  and  COM+  flaws.  The 
company  was  “working  with  the 
limited  amount  of  customers  af¬ 
fected  to  help  resolve  the  issue,” 
a  spokeswoman  said  via  e-mail. 

It  also  posted  a  notice  describing 
various  system  problems  that 
could  occur  after  installing  the 
patch,  plus  workarounds  for  fix¬ 
ing  them,  she  added. 

The  SANS  Institute’s  Internet 
Storm  Center  in  Bethesda,  Md., 
said  it  had  heard  from  more  than 
two  dozen  people  who  reported 
that  they  had  problems  when 
they  tried  to  install  the  patch. 

-  Jaikumar  Vijayan 


Congratulations 
Award  Recipients! 


Computerworld’s  Enterprise  Management  World,  in  conjunction  with  the 
Distributed  Management  Task  Force  (DMTF),  proudly  announced  the  results 
of  the  second  annual  “Best  Practices  in  Enterprise  Management”  Awards 
Program.  This  program  recognized  case  studies  highlighting  noteworthy 
solution  implementation  projects  and  deployments. 


Award  Recipients  in  each  of  the  following  categories  were  recognized  during  an  awards 
ceremony  at  Enterprise  Management  World  in  Bethesda,  MD,  September  14th: 

Distributed  Systems  and  Infrastructure  Implementation 

•  Fulton  County  Department  of  Information  Technology  -  Atlanta,  Georgia 

•  Rent-A-Center,  Inc.  -  Plano,  Texas 

Honorable  Mentions:  Denver  Health  Hospital  and  Medical  Center  -  Denver,  Colorado 

Iron  Age  Corporation  -  Westborough,  Massachusetts 
Oklahoma  Heart  Hospital  -  Oklahoma  City,  Oklahoma 
Best  Practices 

IN  ENTERPRISE  MANAGEMENT 


AWARDS  PROGRAM 


AWARDS  PROGRAM  EXCLUSIVELY  SPONSORED  BY: 

EMC2 

where  information  lives 


Security  and  Risk  Management 

•  BT  -  New  York,  New  York 

•  Lehman  Brothers  -  New  York,  New  York 

Honorable  Mentions:  Forsyth  County  -  Winston-Salem,  North  Carolina 

MasterCard  International  -  O'Fallon,  Missouri 
Media  General  -  Richmond,  Virginia 

Industry  Regulation,  Compliance  and  Corporate  Governance 

•  The  Guardian  Life  Insurance  Company  of  America  -  New  York,  New  York 
Honorable  Mentions:  Aspect  Communications  -  San  Jose,  California 

Finisar  -  Sunnyvale,  California 

Managing  to  Improve  TCO/ROI 

•  Countrywide  Financial  Corp.  -  Calabasas,  California 
•  SMART  Communications,  Inc.  -  Makati  City,  Philippines 

Honorable  Mentions:  Belgacom  -  Brussels,  Belgium 

Calpine  Corporation  -  Houston,  Texas 
Oakland  County  -  Pontiac,  Michigan 


Innovation  and  Promise 

•  City  of  Austin  -  Austin,  Texas 

•  Northeastern  University  -  Boston,  Massachusetts 

Honorable  Mentions:  Intel  (in  partnership  with  RosettaNet)  -  Santa  Clara,  California 

Kroll  Ontrack  Inc.  -  Eden  Prairie,  Minnesota 
The  New  York  Botanical  Garden  -  Bronx,  New  York 
Tools  Clamp  Down  on 
Spreadsheet  Abuse 


New  offerings  can 
provide  IT  control 
over  access  to  data 

BY  HEATHER  HAVENSTEIN 

IT  shops  are  increasingly  em¬ 
bracing  new  business  intelli¬ 
gence  tools  that  aim  to  forge  a 
balance  between  strident  user 
demands  for  spreadsheets  and 
corporate  requirements  that 
financial  data  be  consistent 
and  accurate. 

Actuate  Corp.  this  week 
plans  to  unveil  a  spreadsheet 
development  environment  for 
building  enterprise-class  sys¬ 
tems  with  customized  user  in¬ 
terfaces  and  strong  manage¬ 
ment  controls. 

The  new  Spreadsheet  Ap¬ 
plication  Platform  also  con¬ 


tains  server-managed  work- 
flow  and  automated  write¬ 
back  to  central  data  stores  so 
transactional  systems  can  be 
updated  to  reflect  user 
changes  through  a  process 
based  on  rules  set  up  by  IT 
operations,  according  to  San 
Francisco-based  Actuate. 

Odom’s  Tennessee  Pride 
Sausage  Inc.  will  use  the  Actu¬ 
ate  release  to  create  a  spread¬ 
sheet  application  for  its  ERP 
system  that  can  lock  down  in¬ 
formation  that  shouldn’t  be 
changed. 

The  tool  will  also  allow  for 
updates  of  Odom’s  corporate 
database  using  authorized 
data  placed  into  spreadsheets, 
said  Michael  Hader,  director 
of  IT  at  the  Madison,  Tenn.- 
based  company.  “Obviously, 


this  creates  a  much  more  pro¬ 
ductive  environment  for  col¬ 
laborative  analysis,”  he  added. 

The  company,  which  now 
uses  Actuate’s  spreadsheet  re¬ 
porting  software,  plans  to  up¬ 
grade  to  the  new  product  soon 
after  it  ships  this  week,  he  said. 

Closer  Ties  to  Office 

Fujitec  America  Inc.,  a  manu¬ 
facturer  of  elevators  and  esca¬ 
lators,  turned  to  Actuate  three 
years  ago  when  the  company 
realized  it  could  never  extri¬ 
cate  spreadsheets  from  the  en¬ 
terprise  system,  said  Rick 
Groth,  CIO  at  the  Lebanon, 
Ohio-based  company. 

Since  then,  the  company  has 
used  Actuate’s  spreadsheet 
tools  to  deliver  reports  from 
its  ERP  systems  in  an  Excel- 


compatible  format. 

Groth  said  he  is  interested 
in  the  new  platform  because 
of  its  ability  to  write  back  to 
transactional  systems. 

Eric  Rogge,  an  analyst  at 
Ventana  Research  Inc.  in  San 
Mateo,  Calif.,  said  the  new 
spreadsheet  tools  appeal  to 
companies  as  they  look  to  bet¬ 
ter  integrate  BI  tools  and  Of¬ 
fice  applications  like  Excel. 
This  integration  will  allow 
users  to  avoid  the  cut-and- 
paste  process  of  moving  infor¬ 
mation  from  corporate  data 
sources  into  reports  and  other 
documents,  he  added. 

Meanwhile,  Hyperion  Solu¬ 
tions  Corp.  last  week  brought 
out  Hyperion  System  9,  which 
marries  the  company’s  BI  and 
financial  management  soft¬ 
ware  with  a  single  user  inter¬ 
face.  The  new  version  also 
provides  controlled  access  to 
spreadsheets  that  can  be  auto¬ 
matically  updated  as  autho¬ 
rized  data  from  underlying 
transactional  systems  change, 


said  John  Kopcke,  chief  tech¬ 
nology  officer  at  the  Santa 
Clara,  Calif.-based  vendor. 

Booz  Allen  Hamilton  Inc.  is 
using  a  beta  version  of  Hyper¬ 
ion  9  for  a  pilot  project  auto¬ 
mating  the  creation  of  end- 
user  dashboards,  said  Kevin 
Cook,  director  of  companywide 
financial  reporting  systems 
at  the  McLean,  Va.-based 
consulting  firm. 

Cook  envisions  that  the  new 
system  will  allow  Booz  Allen 
users  to  automatically  update 
Microsoft  PowerPoint  presen¬ 
tations  with  embedded  Excel 
spreadsheets  that  are  now 
used  to  provide  company  ex¬ 
ecutives  with  details  about  en¬ 
terprise  operations. 

“Now  they  are  running  some 
old  reports  against  the  data 
warehouse  and  dumping  that 
into  Excel,”  Cook  said.  “Some¬ 
times  they  are  finding  errors 
and  correcting  the  data  [in  the 
spreadsheet]  instead  of  com¬ 
ing  back  to  the  source  system 
to  correct  the  data.”  O  57534 


Continued  from  page  1 

ITIL 

progress.  As  part  of  the  ITIL 
process,  tech-support  workers 
assigned  to  the  company’s 
help  desk  were  retrained  or 
replaced  with  systems  analysts 
and  employees  who  could 
probe  application  problems. 

Using  workers  with  better 
skills  increased  GuideStone’s 
payroll  costs  but  led  to  a  dra¬ 
matic  turnaround  in  respon¬ 
siveness,  Sawyer  said.  Most  IT 
problems  are  now  resolved 
within  seven  minutes,  she  not¬ 
ed.  Before  the  adoption  of 
ITIL,  it  sometimes  took  more 
than  a  day  to  fix  problems. 

Jim  Marrs,  data  center  man¬ 
ager  at  Austin  Energy  in  Texas, 
said  the  utility  started  imple¬ 
menting  ITIL  this  year.  Marrs 
said  he  sees  the  standard  as  a 
framework  for  organizing  in¬ 
ternal  processes,  “so  IT  is 
more  focused  as  a  service.” 

For  IT  staffers,  that  means 


documenting  their  activities 
in  more  detail,  as  well  as 
spelling  out  the  steps  and 
processes  used  to  manage  IT- 
related  events  and  changes  to 
systems,  he  added. 

ITIL  was  developed  in  the 
1980s  by  the  U.K.’s  Central 
Computer  and  Telecommuni¬ 
cations  Agency  and  is  now 
maintained  by  that  country’s 
Office  of  Government  Com¬ 
merce.  The  standard  incorpo¬ 
rates  suggested  best  practices 
across  a  spectrum  of  IT  proc¬ 
esses  and  also  details  those 
processes  while  documenting 
how  to  manage  them. 

But  getting  IT  workers  to 
change  their  ways  isn’t  always 
easy,  said  Slater  M.  Butts,  di¬ 
rector  of  network  services  at 
Safeway  Inc.  in  Salt  Lake  City. 
When  it  comes  to  standards 
such  as  ITIL,  many  IT  staffers 
really  “don’t  like  to  adhere  to 
them,”  he  said.  “They  just  like 
to  carry  the  banner.” 

However,  Butts  sees  value  in 
ITIL,  which  Safeway’s  IT  op¬ 


eration  has  been  deploying  in 
a  gradual  way  for  the  past  four 
years.  Having  a  framework  for 
internal  IT  services  “takes 
cost  out  of  the  process  be¬ 
cause  you  don’t  have  to  re¬ 
engineer  them”  whenever  you 
need  to  make  changes,  he  said. 

Richard  Davenport,  a  senior 
consultant  at  Bridgeport,  Pa.- 

Data  Center 
Standards  Get 
A  Broader  View 

CHICAGO 

AFCOM  MEMBERS  have  al¬ 
ways  been  interested  in  stan¬ 
dards  affecting  things  such  as 
the  cabling  in  data  centers.  But 
at  last  week’s  conference,  there 
seemed  to  be  growing  interest  in 
standards  that  can  have  a  broad 
impact  on  IT  and  data  center 
management  -  including,  but 
not  limited  to,  ITIL. 
For  instance,  Steve  Hernan- 


based  Fox  IT  LLC,  which 
helps  companies  implement 
ITIL,  said  the  standard  forces 
adopters  to  think  about  IT 
more  as  a  service  than  as  a 
collection  of  technologies. 

For  instance,  Davenport  said 
that  if  a  company’s  help  desk 
—  or  service  desk,  as  it’s  often 
called  in  ITIL  shops  —  discov- 

dez,  Omaha-based  director  of 
enterprise  management  and 
processing  services  at  First  Data 
Corp.,  is  participating  in  an  effort 
to  promote  the  Data  Center 
Markup  Language. 

DCML,  which  is  being  spear¬ 
headed  by  the  Organization  for 
the  Advancement  of  Structured 
Information  Standards,  can  be 
used  by  IT  vendors  to  improve 
product  interoperability.  The  stan¬ 
dard  allows  hardware  devices 
and  management  systems  to 
work  with  one  another,  potential¬ 
ly  improving  data  center  manage¬ 
ment  as  well  as  the  ability  to  con- 


ers  a  number  of  small  errors, 
ITIL  problem-management 
processes  will  trigger  a  search 
for  larger  underlying  causes. 
Tech-support  workers  also 
can  become  more  proactive 
and  recommend  new  IT  ser¬ 
vices  that  add  value  for  busi¬ 
ness  users,  Davenport  said. 

O  57542 
figure  and  document  IT  facilities. 

Although  Hernandez  said  he 
doesn’t  know  how  much  money 
he  could  save  at  First  Data’s 
seven  data  centers  through  the 
use  of  DCML,  he  sees  increased 
standardization  as  a  critical  ele¬ 
ment  of  improving  IT  efficiency 
and  cutting  operating  costs. 

“What  I’m  looking  for  as  a  user 
is  for  vendors  to  provide  [DCML 
compliance]  as  part  of  their  prod¬ 
ucts,”  said  Hernandez,  who 
added  that  he  hopes  more  users 
will  join  the  effort  to  convince 
vendors  to  adopt  the  standard. 

-  Patrick  Thibodeau 
The  point  of  business  is  cost-effectively  connecting  enterprise  resources  to  better  serve  your  customers.  With  a  wholly  owned,  end-to-end 
network — backed  by  a  team  of  consultants  working  with  you  to  develop  the  optimal  solution  for  your  environment — Time  Warner  Cable  delivers 
reliable  business  communications.  Add  to  that,  standard  and  customized  SLAs,  along  with  a  full  suite  of  data,  video,  and  security  solutions — 
including  Metro  Ethernet,  Teleworker  Solutions,  Branch  Office  Connectivity — and  you  have  a  scalable  infrastructure  for  sharing  information, 
reducing  costs  and  realizing  the  value  on  your  IT  investment.  That's  the  point  of  business. 


Highest  Customer  Satisfaction  With  Business  Broadband  Data  Service  Providers 


iJD,  Power  and  Associates  .2005  Major  .provider  Business  Telecommunications.  Services  Study5'”1. 
Broadband  Data:  segment  includes  services  such  as  DSL,  cable  modem,  ISDN,  T-l,  ethernet  and 
videoconferencing  services.  Study  conducted  among  5, 178  businesses  with  2-500+  employees  that 
subscribe  to  major  providers  in  the  broadband  business  telecommunications  market,  www.jdpower.com 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 

R&D&IT 


A NEW STUDY from Booz Allen Hamilton says there’s no relationship between R&D spending and business performance. Amazing, huh? And it’s true — sort of. The study, by Booz analysts Barry Jaruzelski, Kevin Dehoff and Rakesh Bordia, does report that simply spending lots of money on R&D doesn’t guarantee good business results — which is not quite the same as saying there’s no relationship between R&D spending and performance.

You can download the study, titled “Money Isn’t Everything,” at www.computerworld.com/qPa7310. Do it now — if only because you’ll soon need to explain to your CEO what this study isn't saying.

Yes, I know — you’re in IT, not R&D. But here’s how the dots connect: R&D is in the innovation business. So is IT. Sure, IT also does operations and maintenance. But every new IT project is developing something new. You even call those new things “products,” just like the R&D guys do. And if spending on R&D doesn’t produce the desired business results, why should anyone expect spending on IT projects to work any better?

If your CEO draws that conclusion, your new-projects budget is headed for the shredder.

Fortunately, to prevent that, you have an ally: that same study from Booz Allen Hamilton.

See, when these Booz analysts looked at the 1,000 publicly traded companies that spend the most on R&D, they didn’t really find no connection between spending and results. And luckily, their key findings make nice, simple bullet points for you to show your CEO:

■ If you don’t spend enough on R&D, business performance suffers.

■ If you spend too much on R&D, you won’t get enough business performance improvement to justify that spending.

■ Nobody knows exactly how much is “too much.”

■ What matters isn’t how much you spend, but how you spend it.

Some companies with moderate R&D budgets get great results. Some with huge R&D budgets get mediocre results. The difference, as the Booz analysts say, is “processes, not pocketbooks.”

Does this all sound blazingly obvious? Of course it does. It’s just as true about your car as about your R&D (or IT) department. Fail to spend enough on auto maintenance, and your car won’t run well. Spend too much, or on the wrong things, and your car won’t run any better; you’ve wasted money.

Then why did Booz do the study? Because it’s an article of faith among investors that beefing up R&D is a way of goosing growth. So when CEOs want to show investors that they’re serious about corporate growth, they invest in R&D. And investors, seeing the R&D investment, figure that means future growth, and buy in.

But according to the Booz study, that’s a myth. More R&D spending doesn’t guarantee a return on investment. R&D is no silver bullet. And that myth-busting “no relationship” statement makes perfect sense — for investors.

But not for CEOs who still have to figure out how to create innovation, both in R&D and in IT.

So now you have two new items on your agenda. First, you want to make sure your CEO sees a copy of this Booz study. He’s probably already seen the headlines; you want to make sure he sees the rest of it, too.

And second, you need to dive deep into the study yourself. Nearly everything these analysts say about R&D is also true of IT. That includes their advice for improving product-development processes by listening to customers, betting on the right projects, improving development speed and cutting product costs.

If you can apply that advice, you can become like those R&D departments that don’t under- or overspend but still get great returns on their innovation investments.

And you’ll create a clear relationship between your IT spending and business performance — no matter what’s going on at a thousand other companies.


Frank Hayes, Computerworld's senior news columnist, has covered IT for more than 20 years. Contact him at frank.hayes@computerworld.com.


SHARK TANK

Not So Strange After All

Help desk manager pilot fish takes this call personally: A very big bigwig’s PC is “behaving strangely.” “Thinking it was a computer virus, I took the emergency kit and a laptop and prepared for the worst,” says fish. “Sitting down at the machine, I surveyed the huge wooden desk, smelled lemon-scented wood polish and noticed no mouse pad. Sure enough, the mouse ball had wax, and the surface of the desk alone did not provide friction. Installed spare optical mouse. Problem solved. Got a very nice letter from the bigwig, too.”

Unclear on the Concept

State agency wants to use a bus to travel around the state, auctioning off surplus equipment. “Everything looks good,” says a pilot fish helping to set it up, “except they want a laptop to run the auctions live against the surplus database. And it has to have a wireless connection.” Why don’t you just use a modem? fish asks. Response: “We go to sites that are so remote, they might not have a phone connection.”

They Were Such Nice People, Too

This newly hired pilot fish knows his predecessor left suddenly after only a few months, seemingly for no reason. But fish can’t figure out why: Everyone at this small accounting firm seems nice and friendly. “There were two office locations across the street from each other,” fish reports. “Shortly after setting up remote access to desktops to reduce the number of trips across the street, I was accused of laziness and conspiracy - and fixing the users’ problems behind their backs.”


We Can Do That

Pilot fish creates an image of his signature to be added automatically to his outgoing e-mails. Other users see it and ask for his help creating their own. “One day, I get a message from a notoriously clueless user, asking to have a signature created for her e-mail,” says fish. “I replied back with mine showing, and asked her if she would like one similar to mine. Her reply? ‘No, I want one with my name on it.’ ”

It’s All About Priorities

Presenter at this technical seminar is about to start her high-tech demo when she realizes that the batteries in the remote control for her projector are dead. But that’s not a problem. “The room was filled with network engineers and admins, who were quick to offer up the batteries from their pagers,” says a pilot fish on the scene. “Not only was this a chance to show that chivalry isn’t dead, but also to prevent any delay of the happy hour that followed the presentation.”


GET HAPPY WITH SHARKY. Send me your true tale of IT life at sharky@computerworld.com, and you’ll get a stylish Shark shirt if I use it. And check out the daily feed, browse the Sharkives and sign up for Shark Tank home delivery at computerworld.com/sharky.

